[go: up one dir, main page]

CN107409128A - Techniques for Secure Server Access Using Trusted License Brokers - Google Patents

Techniques for Secure Server Access Using Trusted License Brokers Download PDF

Info

Publication number
CN107409128A
CN107409128A CN201680012399.2A CN201680012399A CN107409128A CN 107409128 A CN107409128 A CN 107409128A CN 201680012399 A CN201680012399 A CN 201680012399A CN 107409128 A CN107409128 A CN 107409128A
Authority
CN
China
Prior art keywords
computing device
address space
identifier
user
client computing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201680012399.2A
Other languages
Chinese (zh)
Other versions
CN107409128B (en
Inventor
O·伦兹
N·米尔施坦恩
I·贝蒂察夫斯基
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Intel Corp
Original Assignee
Intel Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corp filed Critical Intel Corp
Publication of CN107409128A publication Critical patent/CN107409128A/en
Application granted granted Critical
Publication of CN107409128B publication Critical patent/CN107409128B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/103Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for protecting copyright

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Multimedia (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Techniques for secure server access include a client computing device loading a license agent into a secure enclave established by a processor of the client computing device. The license agent receives a request from an application to access a remote server device. The license agent opens a secure connection with the server device and performs remote attestation of the secure enclave. The license agent authenticates the user and sends the machine identifier and the user identifier to the server device. The machine identifier may be based on an enclave sealing key of the client computing device. The server device verifies that the machine identifier and the user identifier are bound to a valid application license. If the machine identifier and the user identifier are successfully verified, the application communicates with the server device using the secure connection. Other embodiments are also described and claimed.

Description

使用受信许可证代理进行安全服务器访问的技术Techniques for Secure Server Access Using Trusted License Brokers

相关申请的交叉引用Cross References to Related Applications

本申请要求于2015年3月27日提交的题为“TECHNOLOGIES FOR SECURE SERVERACCESS USING A TRUSTED LICENSE AGENT”的美国实用新型专利申请14/670,959的优先权。This application claims priority to US Utility Patent Application 14/670,959, filed March 27, 2015, entitled "TECHNOLOGIES FOR SECURE SERVERACCESS USING A TRUSTED LICENSE AGENT."

背景技术Background technique

许多现代计算应用包括在线特征,允许应用访问存储在远程服务器上的数据。例如,多人游戏可以访问远程服务器,并且许多内容应用程序也可以访问远程服务器。服务提供商可能会对在线数据的访问收费,从而可以认证客户端应用。典型的解决方案可以在客户端设备和远程服务器之间创建受信的通信信道,例如使用安全网络连接。然而,客户端应用可以是由客户端设备执行的普通的、不受保护的客户端应用,因此服务器可能不能保证客户端应用的真实性。Many modern computing applications include online features that allow applications to access data stored on remote servers. For example, multiplayer games can access remote servers, and many content applications can also access remote servers. Service providers may charge for access to online data, allowing client applications to be authenticated. A typical solution creates a trusted communication channel between a client device and a remote server, for example using a secure network connection. However, the client application may be an ordinary, unprotected client application executed by the client device, so the server may not be able to guarantee the authenticity of the client application.

附图说明Description of drawings

这里描述的概念在附图中通过示例而不是限制的方式来进行说明。为了说明的简单和清楚,附图中所示的元件不一定按比例绘制。在适当的情况下,图中已经重复了参考标签以表明相应或相似的元件。The concepts described herein are illustrated in the drawings by way of example and not limitation. For simplicity and clarity of illustration, elements shown in the figures have not necessarily been drawn to scale. Where appropriate, reference labels have been repeated among the figures to indicate corresponding or analogous elements.

图1是用于安全服务器访问的系统的至少一个实施例的简化框图;Figure 1 is a simplified block diagram of at least one embodiment of a system for secure server access;

图2是可以由图1的系统建立的各种环境的至少一个实施例的简化框图;Figure 2 is a simplified block diagram of at least one embodiment of various environments that may be established by the system of Figure 1;

图3是可以由图1和图2的系统的客户端计算设备执行的用于安全服务器访问的方法的至少一个实施例的简化流程图;和Figure 3 is a simplified flowchart of at least one embodiment of a method for secure server access that may be performed by a client computing device of the systems of Figures 1 and 2; and

图4是可以由图1和图2的系统的服务器设备执行的用于安全服务器访问的方法的至少一个实施例的简化流程图。4 is a simplified flowchart of at least one embodiment of a method for secure server access that may be performed by a server device of the systems of FIGS. 1 and 2 .

具体实施方式detailed description

虽然本公开的概念易于进行各种修改和替代形式,但是其具体实施例已经附图中通过示例的方式示出,并且将在本文中进行详细描述。然而,应当理解,并不意图将本公开的概念限制为所公开的特定形式,相反,本发明旨在涵盖与本公开和所附权利要求一致的所有修改、等同方案和替代方案。While the concepts of the present disclosure are susceptible to various modifications and alternative forms, specific embodiments thereof have been shown by way of example in the drawings and will be described in detail herein. It should be understood, however, that there is no intent to limit the disclosed concepts to the particular forms disclosed, but on the contrary, the invention is to cover all modifications, equivalents, and alternatives consistent with the disclosure and appended claims.

说明书中对“一个实施例”,“实施例”,“说明性实施例”等的提及表明所描述的实施例可以包括特定特征、结构或特性,但是每个实施例可以或可以不必然包括特定的特征、结构或特性。此外,这样的短语不一定指代相同的实施例。此外,当结合实施例描述特定特征、结构或特性时,认为结合其他实施例来实现这种特征、结构或特性在本领域技术人员的知识范围内,无论是否明确描述。另外,应当理解,以“至少一个A,B和C”的形式包括在列表中的项目可以意指(A);(B);(C);(A和B);(A和C);(B和C);或(A,B和C)。类似地,以“A,B或C中的至少一个”的形式列出的项目可以意指(A);(B);(C);(A和B);(A和C);(B和C);或(A,B和C)。References in the specification to "one embodiment," "an embodiment," "illustrative embodiment," etc., indicate that the described embodiment may include a particular feature, structure, or characteristic, but that each embodiment may or may not necessarily include A particular characteristic, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Furthermore, when a particular feature, structure or characteristic is described in conjunction with an embodiment, it is considered to be within the scope of those skilled in the art to implement such feature, structure or characteristic in combination with other embodiments whether or not explicitly described. Additionally, it should be understood that inclusion of items in the list in the form "at least one of A, B, and C" may mean (A); (B); (C); (A and B); (A and C); (B and C); or (A, B and C). Similarly, an item listed in the form "at least one of A, B, or C" may mean (A); (B); (C); (A and B); (A and C); (B and C); or (A, B and C).

在一些情况下,可以以硬件、固件、软件或其任何组合实现所公开的实施例。所公开的实施例还可以被实现为由可由一个或多个处理器读取和执行的暂时或非暂时机器可读(例如,计算机可读)存储介质所承载或存储的指令。机器可读存储介质可以被实现为用于以机器可读的形式(例如,易失性或非易失性存储器、介质盘或其他介质设备)存储或发送信息的任何存储设备、机制或其他物理结构。In some cases, the disclosed embodiments may be implemented in hardware, firmware, software, or any combination thereof. The disclosed embodiments can also be implemented as instructions carried or stored on a transitory or non-transitory machine-readable (eg, computer-readable) storage medium that can be read and executed by one or more processors. A machine-readable storage medium can be implemented as any storage device, mechanism, or other physical structure.

在附图中,可以以具体的布置和/或顺序示出一些结构或方法特征。然而,应当理解,可能不需要这种具体的布置和/或排序。相反,在一些实施例中,这些特征可以以与说明性图中所示的不同的方式和/或顺序排列。另外,在特定图形中包括结构或方法特征并不意味着在所有实施例中都需要这样的特征,并且在一些实施例中可以不包括这些特征或者可以与其他特征组合。In the drawings, some structural or methodological features may be shown in a particular arrangement and/or order. However, it should be understood that this specific arrangement and/or ordering may not be required. Rather, in some embodiments, features may be arranged in a different manner and/or order than shown in the illustrative figures. Additionally, the inclusion of structural or methodological features in a particular figure does not imply that such features are required in all embodiments, and in some embodiments these features may not be included or may be combined with other features.

现在参考图1,在说明性实施例中,用于安全服务器访问的系统100包括通过网络106通信的若干客户端计算设备102和服务器设备104。在使用中,如下面更详细描述的,每个客户端计算设备102加载受信许可证代理到由相应的客户端计算设备102的处理器保护的安全位址空间(enclave)中。在使用中,受信许可证代理接收由客户端计算设备102执行的应用的访问由服务器设备104提供的应用和/或数据的请求。在安全位址空间内执行的受信许可证代理打开与服务器设备104的安全连接,并执行远程证实过程以证明安全位址空间(因此许可证代理)是完好无缺且真实的。在远程证实之后,受信许可证代理将与客户端计算设备102相关联的机器标识符和用户标识符发送到服务器设备104,并且服务器设备104确定用户和机器的组合是否被允许访问应用和/或数据。如果允许访问,则客户端计算设备102的应用通过由受信许可证代理建立的安全连接访问服务器设备104。因此,系统100允许服务器设备104将对应用的访问权限于机器和用户的特定组合。此外,服务器设备104验证由客户端计算设备102执行的应用程序的完好性,这可以防止未经授权的客户端的访问(例如,通过阻止被修改或以其他方式受到攻击的客户端应用程序的访问)。Referring now to FIG. 1 , in an illustrative embodiment, a system 100 for secure server access includes a number of client computing devices 102 and a server device 104 that communicate over a network 106 . In use, as described in more detail below, each client computing device 102 loads a trusted license agent into a secure enclave protected by a processor of the respective client computing device 102 . In use, the trusted license agent receives requests from applications executed by client computing devices 102 to access applications and/or data provided by server devices 104 . A trusted license agent executing within the secure address space opens a secure connection with the server device 104 and performs a remote attestation process to prove that the secure address space (and thus the license agent) is intact and authentic. After remote attestation, the trusted license agent sends the machine identifier and user identifier associated with the client computing device 102 to the server device 104, and the server device 104 determines whether the combination of user and machine is allowed to access the application and/or data. If access is permitted, the application of the client computing device 102 accesses the server device 104 through a secure connection established by the trusted license broker. Thus, system 100 allows server device 104 to restrict access to applications to specific combinations of machines and users. In addition, server device 104 verifies the integrity of applications executed by client computing device 102, which may prevent access by unauthorized clients (e.g., by preventing access to client applications that have been modified or otherwise compromised) ).

每个客户端计算设备102可以体现为能够执行本文描述的功能的任何类型的计算或计算机设备,包括但不限于计算机,台式计算机,工作站,膝上型计算机,笔记本计算机,平板计算机,移动计算设备,可穿戴计算设备,网络设备,web设备,分布式计算系统,基于处理器的系统和/或消费者电子设备。如图1所示,客户端计算设备102示例性地包括处理器120、输入/输出子系统124、存储器126、数据存储设备128和通信电路130。当然,在其它实施例中,客户端计算设备102可以包括其他或附加组件,例如在台式计算机中常见的那些(例如,各种输入/输出设备)。另外,在一些实施例中,一个或多个说明性组件可以并入或以其他方式形成另一组件的一部分。例如,在一些实施例中,存储器126或其部分可并入一个或多个处理器120中。Each client computing device 102 may embody any type of computing or computer device capable of performing the functions described herein, including but not limited to computers, desktop computers, workstations, laptop computers, notebook computers, tablet computers, mobile computing devices , wearable computing devices, networking devices, web devices, distributed computing systems, processor-based systems and/or consumer electronic devices. As shown in FIG. 1 , client computing device 102 illustratively includes processor 120 , input/output subsystem 124 , memory 126 , data storage device 128 , and communication circuitry 130 . Of course, in other embodiments, client computing device 102 may include other or additional components, such as those commonly found in desktop computers (eg, various input/output devices). Additionally, in some embodiments, one or more illustrative components may incorporate or otherwise form part of another component. For example, memory 126 , or portions thereof, may be incorporated into one or more processors 120 in some embodiments.

处理器120可以被实现为能够执行本文所描述的功能的任何类型的处理器。处理器120可以被实现为单核或多核处理器、数字信号处理器、微控制器或其他处理器或处理/控制电路。在一些实施例中,处理器120包括安全位址空间支持122。安全位址空间支持122允许处理器120建立被称为安全位址空间的受信执行环境,其中可以测量、验证和/或以其他方式确定执行代码是真实的。此外,包括在安全位址空间中的代码和数据可以被加密或以其他方式保护,以防止被在安全位址空间之外执行的代码访问。例如,包括在安全位址空间中的代码和数据可以被处理器120的硬件保护机制保护,同时被执行或者被存储在处理器120的特定受保护的高速缓冲存储器中。包括在安全位址空间中的代码和数据可以在存储在共享高速缓存或主存储器126中时被加密。安全位址空间支持122可被实施为一组处理器指令扩展,其允许处理器120在存储器126中建立一个或多个安全位址空间。例如,安全位址空间支持122可以体现为软件防护扩展(SGX)技术。Processor 120 may be implemented as any type of processor capable of performing the functions described herein. Processor 120 may be implemented as a single-core or multi-core processor, digital signal processor, microcontroller, or other processor or processing/control circuitry. In some embodiments, processor 120 includes secure address space support 122 . Secure address space support 122 allows processor 120 to establish a trusted execution environment, referred to as a secure address space, in which executing code can be measured, verified, and/or otherwise determined to be authentic. Additionally, code and data included in the secure address space may be encrypted or otherwise protected from access by code executing outside the secure address space. For example, code and data included in a secure address space may be protected by hardware protection mechanisms of the processor 120 while being executed or stored in a specific protected cache memory of the processor 120 . Code and data included in the secure address space may be encrypted while stored in shared cache or main memory 126 . Secure address space support 122 may be implemented as a set of processor instruction extensions that allow processor 120 to establish one or more secure address spaces in memory 126 . For example, secure address space support 122 may be embodied as Software Guard Extensions (SGX) technology.

存储器126可以被实施为能够执行本文描述的功能的任何类型的易失性或非易失性存储器或数据存储。在操作中,存储器126可以存储在客户端计算设备102的操作期间使用的各种数据和软件,诸如操作系统、应用、程序、库和驱动器。存储器126经由I/O子系统124通信地耦合到处理器120,I/O子系统124可被实现为促进与处理器120、存储器126和客户端计算设备102的其他组件的输入/输出操作的电路和/或组件。例如,I/O子系统124可以被实施或为以其它方式包括存储器控制器集线器、输入/输出控制集线器、固件设备、通信链路(即,点到点链路,总线链路,电线,电缆,光导,印刷电路板迹线等)和/或其他组件和子系统以促进输入/输出操作。在一些实施例中,I/O子系统124可以形成片上系统(SoC)的一部分,并且与处理器120、存储器126和客户端计算设备102的其他组件一起并入到单个集成电路芯片上。Memory 126 may be implemented as any type of volatile or non-volatile memory or data storage capable of performing the functions described herein. In operation, memory 126 may store various data and software used during operation of client computing device 102 , such as operating systems, applications, programs, libraries, and drivers. Memory 126 is communicatively coupled to processor 120 via I/O subsystem 124, which may be implemented to facilitate input/output operations with processor 120, memory 126, and other components of client computing device 102. circuits and/or components. For example, I/O subsystem 124 may be implemented or otherwise include a memory controller hub, an input/output control hub, firmware devices, communication links (i.e., point-to-point links, bus links, wires, cables , light guides, printed circuit board traces, etc.) and/or other components and subsystems to facilitate input/output operations. In some embodiments, I/O subsystem 124 may form part of a system on a chip (SoC) and be incorporated on a single integrated circuit chip along with processor 120 , memory 126 and other components of client computing device 102 .

数据存储设备128可以被实施为被配置用于数据的短期或长期存储的任何类型的一个设备或多个设备,例如存储器设备和电路,存储卡,硬盘驱动器,固态驱动器或其他数据存储设备。在一些实施例中,数据存储设备128可用于存储一个或多个安全位址空间的内容。当由数据存储设备128存储时,可以对安全位址空间的内容加密,以防止未经授权的访问。Data storage device 128 may be implemented as any type of device or devices configured for short-term or long-term storage of data, such as memory devices and circuits, memory cards, hard drives, solid-state drives, or other data storage devices. In some embodiments, data storage device 128 may be used to store the contents of one or more secure address spaces. When stored by data storage device 128, the contents of the secure address space may be encrypted to prevent unauthorized access.

客户端计算设备102的通信电路130可以被实现为能够实现客户端计算设备102,服务器设备104和/或其他远程设备之间通过网络106的通信的任何通信电路、设备或其集合。通信电路130可以被配置为使用任何一种或多种通信技术(例如,有线或无线通信)和相关联的协议(例如,以太网,WiMAX等)来实现这样的通信。Communication circuitry 130 of client computing device 102 may be implemented as any communication circuit, device, or collection thereof that enables communication between client computing device 102, server device 104, and/or other remote devices over network 106. Communications circuitry 130 may be configured to use any one or more communications technologies (e.g., wired or wireless communications) and associated protocols (e.g., Ethernet, WiMAX, etc.) to realize such communication.

服务器设备104被配置为验证并向每个客户端计算设备102的受信许可证代理提供应用服务和/或数据。服务器设备104可被实现为能够执行本文所描述的功能的任何类型的计算或计算机设备,包括但不限于计算机,多处理器系统,服务器,机架式服务器,刀片服务器,膝上型计算机,笔记本计算机,平板计算机,可穿戴计算设备,网络设备,web设备,分布式计算系统,基于处理器的系统和/或消费电子设备。示例性地,服务器设备104包括处理器140、I/O子系统142、存储器144、数据存储设备146、通信电路148和/或在服务器或类似计算设备中通常所见的其他组件和设备。服务器设备104的这些单独组件可以类似于客户端计算设备102的相应组件,其描述适用于服务器设备104的相应组件,并且在本文中不重复,以免使本公开内容变得不清楚。另外,在一些实施例中,服务器设备104可被实施为由跨越网络106分布并在公共或私有云中操作的多个计算设备形成的“虚拟服务器”。因此,尽管图1中示出了服务器设备104实施为单个服务器计算设备,应当理解,服务器设备104可以被实现为协作以促进下面描述的功能的多个设备。The server device 104 is configured to authenticate and provide application services and/or data to the trusted license broker of each client computing device 102 . Server device 104 may be implemented as any type of computing or computer device capable of performing the functions described herein, including but not limited to computers, multi-processor systems, servers, rack servers, blade servers, laptops, notebooks Computers, tablet computers, wearable computing devices, networking devices, web devices, distributed computing systems, processor-based systems and/or consumer electronics devices. Illustratively, server device 104 includes processor 140, I/O subsystem 142, memory 144, data storage device 146, communication circuitry 148, and/or other components and devices typically found in a server or similar computing device. These individual components of server device 104 may be similar to corresponding components of client computing device 102, which description applies to corresponding components of server device 104 and are not repeated herein so as not to obscure the present disclosure. Additionally, in some embodiments, server device 104 may be implemented as a "virtual server" formed from multiple computing devices distributed across network 106 and operating in a public or private cloud. Thus, while server device 104 is shown in FIG. 1 as being implemented as a single server computing device, it should be understood that server device 104 may be implemented as multiple devices that cooperate to facilitate the functions described below.

如下面更详细地讨论的,客户端计算设备102和服务器设备104可以被配置为通过网络106彼此之间和/或与系统100的其他设备发送和接收数据。网络106可以被实施为任何数量的各种有线和/或无线网络。例如,网络106可以被实施为或以其它方式包括有线或无线局域网(LAN)、有线或无线广域网(WAN),蜂窝网络和/或可公共访问的全球网络如因特网。因此,网络106可以包括任何数量的附加设备,诸如附加计算机、路由器和交换机,以促进系统100的设备之间的通信。As discussed in more detail below, client computing device 102 and server device 104 may be configured to send and receive data over network 106 with each other and/or with other devices of system 100 . Network 106 may be implemented as any number of various wired and/or wireless networks. For example, network 106 may be implemented as or otherwise include a wired or wireless local area network (LAN), a wired or wireless wide area network (WAN), a cellular network, and/or a publicly accessible global network such as the Internet. Accordingly, network 106 may include any number of additional devices, such as additional computers, routers, and switches, to facilitate communication between devices of system 100 .

现在参考图2,在说明性的实施例中,客户端计算设备102在操作期间建立环境200。说明性环境200包括应用202、许可证代理加载器模块204和安全位址空间206。环境200的各种模块可以实施为硬件、固件、软件或其组合。例如,环境200的各种模块、逻辑和其他组件可以形成客户端计算设备102的处理器120或其他硬件组件的一部分,或以其他方式由客户端计算设备102的处理器120或其他硬件组件建立。因此,在一些实施例中,环境200的任意一个或多个模块可被实施为电气设备的电路或集合(例如,许可证代理加载器电路,安全位址空间电路等)。Referring now to FIG. 2 , in an illustrative embodiment, client computing device 102 establishes environment 200 during operation. The illustrative environment 200 includes an application 202 , a license agent loader module 204 and a secure address space 206 . The various modules of environment 200 may be implemented as hardware, firmware, software, or a combination thereof. For example, various modules, logic, and other components of environment 200 may form part of, or otherwise be established by, processor 120 or other hardware components of client computing device 102 . Thus, in some embodiments, any one or more modules of environment 200 may be implemented as a circuit or collection of electrical devices (eg, license agent loader circuit, secure address space circuit, etc.).

应用202可以被实现为被配置为访问由服务器设备104提供的服务或数据的任何用户应用、系统应用、模块、脚本或其他计算机程序。应用202可以被实现为本地应用、Web应用、字节码、源代码或可由客户端计算设备102执行的任何其他代码。例如,应用202可以被实现为内容应用(例如,新闻门户,地图应用,旅行指南,健康门户,金融门户等),其访问由服务器设备104存储的数据。作为另一示例,应用202可以被实现为访问由服务器设备104维护的游戏状态的游戏。Application 202 may be implemented as any user application, system application, module, script, or other computer program configured to access services or data provided by server device 104 . Application 202 may be implemented as a native application, a web application, bytecode, source code, or any other code executable by client computing device 102 . For example, application 202 may be implemented as a content application (eg, news portal, map application, travel guide, health portal, financial portal, etc.) that accesses data stored by server device 104 . As another example, application 202 may be implemented as a game that accesses game state maintained by server device 104 .

许可证代理加载器模块204被配置为将许可证代理208加载到由客户端计算设备102的处理器120建立的安全位址空间206中。许可证代理加载器模块204可以包括在应用202中或与应用202一起安装。许可证代理加载器模块204在安全位址空间206外部执行,并且因此可能不是安全的或由客户端计算设备102以其他方式验证。License agent loader module 204 is configured to load license agent 208 into secure address space 206 established by processor 120 of client computing device 102 . License agent loader module 204 may be included in or installed with application 202 . License proxy loader module 204 executes outside of secure address space 206 and thus may not be secure or otherwise authenticated by client computing device 102 .

安全位址空间206被配置为在环境200内提供隔离且安全的执行环境。在一些实施例中,安全位址空间206可以被实施为基于软件的受信执行环境;即,使用客户端计算设备102的处理器120安全地执行软件的受信执行环境。例如,安全位址空间206可被实施为使用处理器120的安全位址空间支持122建立的一个或多个安全位址空间,例如使用SGX技术建立的安全位址空间。安全位址空间206还建立许可证代理208。说明性的许可证代理208包括应用请求模块210、证明模块212、用户认证模块214和服务器访问模块216。安全位址空间206的各种模块和组件可以被实现为硬件、固件、软件或其组合。例如,安全位址空间206的各种模块、逻辑和其他组件可以形成客户端计算设备102的处理器120或其他硬件组件的一部分,或以其他方式由其构建。因此,在一些实施例中,安全位址空间206的任何一个或多个模块可被实施为电气设备的电路或集合(例如,许可证代理电路、应用请求电路、证明电路等)。Secure address space 206 is configured to provide an isolated and secure execution environment within environment 200 . In some embodiments, the secure address space 206 may be implemented as a software-based trusted execution environment; that is, a trusted execution environment that executes software securely using the processor 120 of the client computing device 102 . For example, secure address space 206 may be implemented as one or more secure address spaces established using secure address space support 122 of processor 120, such as using The secure address space established by SGX technology. Secure address space 206 also establishes license broker 208 . The illustrative license broker 208 includes an application request module 210 , an attestation module 212 , a user authentication module 214 , and a server access module 216 . The various modules and components of secure address space 206 may be implemented as hardware, firmware, software, or a combination thereof. For example, various modules, logic, and other components of the secure address space 206 may form part of or otherwise be constructed by the processor 120 or other hardware components of the client computing device 102 . Thus, in some embodiments, any one or more modules of secure address space 206 may be implemented as a circuit or collection of electrical devices (eg, license proxy circuit, application request circuit, attestation circuit, etc.).

应用请求模块210被配置为从应用202接收访问远程服务器设备104的请求。应用请求模块210可以被配置为响应于接收到访问远程服务器设备104的请求而打开与远程服务器设备104的安全连接。The application request module 210 is configured to receive a request from the application 202 to access the remote server device 104 . The application request module 210 may be configured to open a secure connection with the remote server device 104 in response to receiving a request to access the remote server device 104 .

证明模块212被配置为使用客户端计算设备102和远程服务器设备104之间的安全连接来执行安全位址空间206向远程服务器设备104的远程证实。远程证实可以包括生成安全位址空间206的测量并将该测量发送到远程服务器设备104。该测量可以指示与安全位址空间206相关联的安全日志,并且安全日志可以指示安全位址空间206的内容和安全位址空间206的创建顺序。Attestation module 212 is configured to perform remote attestation of secure address space 206 to remote server device 104 using a secure connection between client computing device 102 and remote server device 104 . Remote attestation may include generating a measure of secure address space 206 and sending the measure to remote server device 104 . The measurement may be indicative of a security log associated with the secure address space 206, and the security log may be indicative of the contents of the secure address space 206 and the order in which the secure address space 206 was created.

用户认证模块214被配置为认证计算设备102的用户。用户认证模块214可以被配置为从用户接收用户凭证,并且在一些实施例中可以使用客户端计算设备102的受信的I/O路径来接收凭证。User authentication module 214 is configured to authenticate a user of computing device 102 . User authentication module 214 may be configured to receive user credentials from a user, and in some embodiments may use a trusted I/O path of client computing device 102 to receive credentials.

服务器访问模块216被配置为在认证用户之后使用安全连接将机器标识符和用户标识符发送到远程服务器设备104。服务器访问模块216还被配置为允许应用202在发送机器标识符和用户标识符之后访问与远程服务器设备104的安全连接,并且在一些实施例中,从远程服务器设备104接收成功响应。机器标识符可以被实现为被配置为安全且唯一地标识特定计算设备102的任何类型的数据。服务器访问模块216可以被配置为根据唯一的密钥生成机器标识符,该唯一密钥对于特定安全位址空间206和客户端计算设备102的组合是唯一的。例如,唯一密钥可被实现为位址空间密封密钥。类似地,用户标识符可以实施为被配置为识别计算设备102的特定用户的任何凭证或其他类型的数据。The server access module 216 is configured to send the machine identifier and the user identifier to the remote server device 104 using a secure connection after authenticating the user. The server access module 216 is also configured to allow the application 202 to access the secure connection with the remote server device 104 after sending the machine identifier and the user identifier, and in some embodiments, receive a success response from the remote server device 104 . A machine identifier may be implemented as any type of data configured to securely and uniquely identify a particular computing device 102 . Server access module 216 may be configured to generate a machine identifier based on a unique key that is unique to a particular combination of secure address space 206 and client computing device 102 . For example, the unique key can be implemented as an address space sealing key. Similarly, a user identifier may be implemented as any credential or other type of data configured to identify a particular user of computing device 102 .

仍然参考图2,在说明性实施例中,服务器设备104在操作期间建立环境220。说明性的环境220包括应用222、应用许可证模块226、客户端计算设备模块230、证实模块232和访问验证模块234。环境220的各种模块可以实施为硬件、固件、软件或其组合。例如,环境220的各种模块、逻辑和其他组件可以形成服务器设备104的处理器140或其他硬件组件的一部分,或以其他方式由其建立。这样,在一些实施例中,环境220的任何一个或多个模块可以被实现为电气设备的电路或集合(例如,应用许可证电路、客户端计算设备电路等)。Still referring to FIG. 2 , in an illustrative embodiment, server device 104 establishes environment 220 during operation. The illustrative environment 220 includes an application 222 , an application license module 226 , a client computing device module 230 , a validation module 232 , and an access verification module 234 . The various modules of environment 220 may be implemented as hardware, firmware, software, or a combination thereof. For example, various modules, logic, and other components of environment 220 may form part of, or otherwise be established by, processor 140 or other hardware components of server device 104 . As such, in some embodiments, any one or more modules of environment 220 may be implemented as a circuit or collection of electrical devices (eg, application license circuits, client computing device circuits, etc.).

应用222可以实施为被配置为向客户端计算设备102提供服务或数据的任何用户应用、系统应用、模块、脚本或其他计算机程序。应用222可以被实施为本机应用、Web应用、字节码、源代码或可能由服务器设备104执行的任何其他代码。例如,应用222可以被实施为内容门户、在线游戏或其他应用。如图所示,应用222可以存储、维护或以其他方式访问可以包括内容数据、游戏状态数据或应用222使用的其他数据的应用数据224。Application 222 may be implemented as any user application, system application, module, script, or other computer program configured to provide services or data to client computing device 102 . Applications 222 may be implemented as native applications, web applications, bytecode, source code, or any other code that may be executed by server device 104 . For example, application 222 may be implemented as a content portal, online game, or other application. As shown, application 222 may store, maintain, or otherwise access application data 224 , which may include content data, game state data, or other data used by application 222 .

应用许可证模块226被配置为将机器标识符和用户标识符绑定到应用许可证。如上所述,机器标识符指示特定客户端计算设备102和由客户端计算设备102的处理器120建立的安全位址空间206的组合。机器标识符可以根据唯一密钥来生成,唯一密钥对于客户端计算设备102和客户端计算设备102的安全位址空间206(例如位址空间密封密钥)的组合而言是独一无二的。应用许可证模块226可以被配置为将服务器挑战数据项发送到客户端计算设备102,并且机器标识符可以进一步指示服务器挑战数据项。应用许可证模块226可以被配置为从客户端计算设备102接收机器标识符和用户标识符。机器标识符和/或用户标识符可以存储在许可证数据228中或以其他方式与许可证数据228相关联。The application license module 226 is configured to bind the machine identifier and the user identifier to the application license. As noted above, the machine identifier indicates the combination of a particular client computing device 102 and the secure address space 206 established by the processor 120 of the client computing device 102 . The machine identifier may be generated from a unique key that is unique to the combination of the client computing device 102 and the secure address space 206 of the client computing device 102 (eg, an address space sealing key). Application license module 226 may be configured to send the server challenge data item to client computing device 102, and the machine identifier may further indicate the server challenge data item. Application license module 226 may be configured to receive a machine identifier and a user identifier from client computing device 102 . The machine identifier and/or user identifier may be stored in or otherwise associated with license data 228 .

客户端计算设备模块230被配置为在机器标识符和用户标识符被绑定到应用许可证之后打开与客户端计算设备102的安全连接。如下面进一步描述的,客户端计算设备模块230被配置为允许客户端计算设备102在成功地远程证实安全位址空间206之后使用安全连接来访问应用222和/或应用数据224,并成功地验证由客户端计算设备102提供的机器标识符和用户标识符。Client computing device module 230 is configured to open a secure connection with client computing device 102 after the machine identifier and user identifier are bound to the application license. As described further below, client computing device module 230 is configured to allow client computing device 102 to access application 222 and/or application data 224 using a secure connection after successfully remotely attesting to secure address space 206, and successfully authenticating The machine identifier and user identifier provided by the client computing device 102 .

证明模块232被配置为使用安全连接来执行客户端计算设备102的安全位址空间206的远程证实。远程证实可以包括接收安全位址空间206的测量并且基于该测量来验证安全位址空间206是完好的。安全位址空间206的测量可以指示与安全位址空间206相关联的安全日志,并且安全日志可以指示安全位址空间206的内容和安全位址空间206的创建顺序。The attestation module 232 is configured to perform remote attestation of the secure address space 206 of the client computing device 102 using a secure connection. Remote attestation may include receiving measurements of the secure address space 206 and verifying that the secure address space 206 is intact based on the measurements. The measure of secure address space 206 may indicate a security log associated with secure address space 206 , and the security log may indicate the contents of secure address space 206 and the order in which secure address space 206 was created.

访问验证模块234被配置为使用安全连接从客户端计算设备102接收机器标识符和用户标识符,并验证机器标识符和用户标识符。访问验证模块234可以被配置为确定机器标识符和用户标识符是否与先前与应用许可证绑定的机器标识符和用户标识符匹配。如上所述,在机器标识符和用户标识符成功验证之后,客户端计算设备102可以使用安全连接访问应用222和/或应用数据224。The access verification module 234 is configured to receive the machine identifier and the user identifier from the client computing device 102 using a secure connection, and to verify the machine identifier and the user identifier. Access verification module 234 may be configured to determine whether the machine identifier and user identifier match the machine identifier and user identifier previously bound to the application license. As described above, following successful verification of the machine identifier and user identifier, client computing device 102 may access application 222 and/or application data 224 using a secure connection.

现在参考图3,在使用中,客户端计算设备102可以执行用于安全服务器访问的方法300。方法300从框302开始,其中客户端计算设备102为应用202安装受信的许可证代理208。受信许可证代理208可以与应用202一起安装或作为应用202的一部分安装。代码和/或与受信许可证代理208相关联的数据可以包括在应用202中,并且可以以不受保护的格式(例如,不经加密)来传送和/或存储。Referring now to FIG. 3 , in use, a client computing device 102 may perform a method 300 for secure server access. Method 300 begins at block 302 , where client computing device 102 installs trusted license agent 208 for application 202 . Trusted license agent 208 may be installed with or as part of application 202 . Code and/or data associated with trusted license agent 208 may be included in application 202 and may be transmitted and/or stored in an unprotected format (eg, without encryption).

在框304中,客户端计算设备102将受信许可证代理208加载到安全位址空间206中。在被加载到安全位址空间206中之后,受信许可证代理208可以不被篡改或以其他方式通过未经授权的进程访问。另外,如下面进一步描述的,在加载到安全位址空间206中之后,可以使用远程证实过程来验证受信许可证代理208是未被改变的。在说明性实施例中,安全位址空间206保持打开,并且在方法300的执行期间受信许可证代理208保持加载。然而,在一些实施例中,受信许可证代理208可以被卸载(例如,加密和交换到磁盘,或关闭完全脱离(close out of)存储器),然后根据需要被安全地重新加载到安全位址空间206中。In block 304 , the client computing device 102 loads the trusted license agent 208 into the secure address space 206 . After being loaded into secure address space 206, trusted license agent 208 may not be tampered with or otherwise accessed by unauthorized processes. Additionally, after loading into secure address space 206, a remote attestation process may be used to verify that trusted license agent 208 has not been altered, as described further below. In an illustrative embodiment, secure address space 206 remains open, and trusted license agent 208 remains loaded during execution of method 300 . However, in some embodiments, the trusted license agent 208 can be unloaded (e.g., encrypted and swapped to disk, or closed out of memory completely) and then securely reloaded into the secure address space as needed 206 in.

客户端计算设备102可以使用任何适当的技术来将受信许可证代理208加载到安全位址空间206中。例如,客户端计算设备102可以使用处理器120的安全位址空间支持122在存储器126内建立一个或多个安全位址空间。可以例如使用SGX技术来建立安全位址空间。为了建立安全位址空间,客户端计算设备102可以执行一个或多个处理器指令来创建安全位址空间,将存储器页面添加到安全位址空间中,并且完成安全位址空间的测量。当存储器页面被添加到安全位址空间中时,安全位址空间支持122可以基于存储器页面的内容和添加存储器页面的顺序来更新安全日志。完成安全位址空间可以基于安全日志生成测量,例如通过基于安全日志生成安全散列值。安全位址空间完成后,额外的存储器页面可能不会被添加到安全位址空间中。可以使用安全位址空间的测量来识别和区分由客户端计算设备102建立的不同的安全位址空间。Client computing device 102 may load trusted license agent 208 into secure address space 206 using any suitable technique. For example, client computing device 102 may establish one or more secure address spaces within memory 126 using secure address space support 122 of processor 120 . can for example use SGX technology to establish a secure address space. To establish the secure address space, client computing device 102 may execute one or more processor instructions to create the secure address space, add memory pages to the secure address space, and perform measurements of the secure address space. As memory pages are added to the secure address space, secure address space support 122 may update the security log based on the contents of the memory pages and the order in which the memory pages were added. Completing the secure address space may generate measurements based on the secure log, for example by generating a secure hash value based on the secure log. After the secure address space is complete, additional memory pages may not be added to the secure address space. The measure of secure address space can be used to identify and distinguish between different secure address spaces established by the client computing device 102 .

在框306中,客户端计算设备102将用户标识符和机器标识符绑定到应用202的许可证。用户标识符可以被实施为任何用户凭证或标识客户端计算设备的特定用户的其他数据。用户标识符可以包括认证因素(authentication factor),例如用于认证用户的密码。机器标识符可以被实施为安全且唯一地识别特定客户端计算设备102的任何数据。在执行应用202之前,例如在应用202的安装期间或在另一个配置过程中,用户标识符和机器标识符可以被绑定到应用许可证。在一些实施例中,在框308中,客户端计算设备102可以使用位址空间密封密钥来生成机器标识符。位址空间密封密钥可以被实施为在制造时嵌入在安全位址空间支持122中的秘密加密密钥。处理器120可以使用位址空间密封密钥在数据离开处理器120之前对与安全位址空间206相关联的数据进行加密。机器标识符可以被生成为加密散列、签名、派生密钥或从位址空间密封钥匙得到的其它数据。在一些实施例中,可以生成机器标识符作为从服务器设备104接收的位址空间密封密钥和服务器挑战数据项的加密散列。在框310中,客户端计算设备102发送机器标识符和/或用户标识符到服务器设备104。In block 306 , the client computing device 102 binds the user identifier and the machine identifier to the license of the application 202 . A user identifier may be implemented as any user credential or other data that identifies a particular user of the client computing device. The user identifier may include an authentication factor, such as a password used to authenticate the user. A machine identifier may be implemented as any data that securely and uniquely identifies a particular client computing device 102 . The user identifier and machine identifier may be bound to the application license prior to execution of the application 202, eg, during installation of the application 202 or in another configuration process. In some embodiments, in block 308 the client computing device 102 may generate a machine identifier using the address space sealing key. The address space sealing key may be implemented as a secret encryption key embedded in the secure address space support 122 at the time of manufacture. Processor 120 may use an address space sealing key to encrypt data associated with secure address space 206 before the data leaves processor 120 . Machine identifiers can be generated as cryptographic hashes, signatures, derived keys, or other data derived from address space sealing keys. In some embodiments, the machine identifier may be generated as a cryptographic hash of the address space sealing key and server challenge data item received from the server device 104 . In block 310 , the client computing device 102 sends the machine identifier and/or the user identifier to the server device 104 .

在框312中,客户端计算设备102监测应用202以获得访问服务器设备104的请求。客户端计算设备102可以使用任何技术来监测访问服务器设备104的请求。例如,应用202可以例如使用网络请求或其他进程间通信信道向安全位址空间206的受信许可证代理208发出请求。作为另一示例,安全位址空间206的受信许可证代理208可以拦截应用202产生的请求。在框314中,客户端计算设备102确定应用202是否已经生成请求。如果不是,则该方法300循环回到框312以继续监测请求。如果已经生成对服务器设备104的请求,则方法300前进到框316。In block 312 , the client computing device 102 monitors the application 202 for requests to access the server device 104 . Client computing device 102 may monitor requests to access server device 104 using any technique. For example, application 202 may issue a request to trusted license agent 208 of secure address space 206, eg, using a network request or other inter-process communication channel. As another example, trusted license proxy 208 of secure address space 206 may intercept requests made by application 202 . In block 314, the client computing device 102 determines whether the application 202 has generated a request. If not, the method 300 loops back to block 312 to continue monitoring requests. If a request to the server device 104 has been generated, the method 300 proceeds to block 316 .

在框316中,客户端计算设备102的受信许可证代理208与服务器设备104建立安全网络连接。安全网络连接允许在安全位址空间206内执行的受信许可证代理208与远程服务器设备104安全地通信。可以使用任何适当的通信协议或其他技术来建立安全网络连接。例如,可以使用SSL/TLS协议建立安全网络连接。In block 316 , the trusted license agent 208 of the client computing device 102 establishes a secure network connection with the server device 104 . The secure network connection allows the trusted license agent 208 executing within the secure address space 206 to communicate securely with the remote server device 104 . A secure network connection may be established using any suitable communication protocol or other technique. For example, a secure network connection can be established using the SSL/TLS protocol.

在框318中,客户端计算设备102利用远程服务器设备104执行安全位址空间206的远程证实。远程证实向服务器设备104证明,受信许可证代理208正在有效的安全位址空间206中执行,以及受信许可证代理208是真实的(即,受信许可证代理208未被篡改)。为了执行远程证实,客户端计算设备102可以执行SGX技术安全位址空间远程证实流程。In block 318 , client computing device 102 performs remote validation of secure address space 206 with remote server device 104 . The remote attestation proves to server device 104 that trusted license agent 208 is executing in valid secure address space 206 and that trusted license agent 208 is authentic (ie, trusted license agent 208 has not been tampered with). To perform remote attestation, client computing device 102 may execute SGX technology secure address space remote attestation process.

在框320中,客户端计算设备102生成安全位址空间206的测量。该测量可以被实施为密码学安全值,其取决于添加到安全位址空间206的存储器页面的内容以及存储器页面被添加到安全位址空间206的顺序。例如,测量可以实施为在安全位址空间206的构建期间生成的安全日志的加密散列。可以使用处理器120的专门的处理器指令来生成测量,例如作为EREPORT指令。测量还可以绑定到客户端计算设备102的硬件。例如,测量可以包括使用与由客户端计算设备102建立的特定安全位址空间相关联的加密密钥(例如,报告密钥)产生的消息认证码(MAC)。在一些实施例中,客户端计算设备102可以使用与客户端计算设备102相关联的特定于设备的私有密钥创建的签名来替换测量的MAC。在生成测量之后,在框322中,客户端计算设备102经由安全网络连接将测量发送到服务器设备104。如下面进一步描述的,服务器设备104可以使用测量来验证安全位址空间206是有效的安全位址空间,并且受信许可证代理208是真实的。In block 320 , the client computing device 102 generates a measure of the secure address space 206 . This measure may be implemented as a cryptographically secure value that depends on the contents of the memory pages added to the secure address space 206 and the order in which the memory pages were added to the secure address space 206 . For example, the measurement may be implemented as a cryptographic hash of a security log generated during construction of the secure address space 206 . Measurements may be generated using dedicated processor instructions of processor 120, for example as an EREPORT instruction. Measurements may also be bound to client computing device 102 hardware. For example, the measurement may include a message authentication code (MAC) generated using an encryption key (eg, a reporting key) associated with a particular secure address space established by the client computing device 102 . In some embodiments, client computing device 102 may replace the measured MAC with a signature created using a device-specific private key associated with client computing device 102 . After generating the measurements, in block 322 the client computing device 102 sends the measurements to the server device 104 via the secure network connection. As described further below, server device 104 may use measurements to verify that secure address space 206 is a valid secure address space and that trusted license agent 208 is authentic.

在框324中,客户端计算设备102认证客户端计算设备102的用户。对用户的认证由受信许可证代理208从安全位址空间206内执行。在对用户进行认证之后,客户端计算设备102生成与经认证的用户相关联的用户标识符,例如用户凭证。客户端计算设备102可以使用任何技术来认证用户。在一些实施例中,在框326中,客户端计算设备102可以从客户端计算设备102的操作系统或其他普通软件接收用户认证数据。例如,受信许可证代理208可以接收用户认证凭证或从操作系统提供的交互式登录提示中收集的其他认证因素。在这些实施例中,用户认证过程的安全性取决于由操作系统提供的安全级别。附加地或替代地,在一些实施例中,在框328中,客户端计算设备102可以使用受保护的I/O路径来接收用户认证数据。例如,客户端计算设备102可以从受信输入设备(例如受信PIN垫)接收认证数据。作为另一示例,客户端计算设备102可以使用受保护的音频/视频路径(例如,PAVP)显示加扰的PIN垫,并且基于加扰的PIN垫接收用户输入。在这些实施例中,受保护的I/O路径可以提供超出由操作系统提供的安全性的附加安全性。In block 324 , the client computing device 102 authenticates the user of the client computing device 102 . Authentication of users is performed by trusted license broker 208 from within secure address space 206 . After authenticating the user, client computing device 102 generates a user identifier, such as a user credential, associated with the authenticated user. Client computing device 102 may use any technique to authenticate the user. In some embodiments, in block 326 the client computing device 102 may receive user authentication data from an operating system or other common software of the client computing device 102 . For example, trusted license agent 208 may receive user authentication credentials or other authentication factors gleaned from interactive login prompts provided by the operating system. In these embodiments, the security of the user authentication process depends on the level of security provided by the operating system. Additionally or alternatively, in some embodiments, in block 328 the client computing device 102 may receive user authentication data using the protected I/O path. For example, client computing device 102 may receive authentication data from a trusted input device (eg, a trusted PIN pad). As another example, client computing device 102 may use a protected audio/video path (e.g., The PAVP) displays the scrambled PIN pad, and receives user input based on the scrambled PIN pad. In these embodiments, protected I/O paths may provide additional security beyond that provided by the operating system.

在框330中,客户端计算设备102经由安全连接将用户标识符和机器标识符发送到服务器设备104。如上所述,用户标识符基于用户认证的结果。类似地,如上所述,机器标识符唯一地标识客户端计算设备102。在一些实施例中,机器标识符还可以标识安全位址空间206和受信许可证代理208。如下面进一步描述的,服务器设备104可以确定由用户标识符和机器标识符描述的用户和机器的特定组合是否被允许访问由服务器设备104维护的应用222和/或应用数据224。In block 330, the client computing device 102 sends the user identifier and the machine identifier to the server device 104 via the secure connection. As mentioned above, the user identifier is based on the result of user authentication. Similarly, the machine identifier uniquely identifies the client computing device 102, as described above. In some embodiments, the machine identifier may also identify the secure address space 206 and the trusted license broker 208 . As described further below, server device 104 may determine whether the particular combination of user and machine described by the user identifier and machine identifier is permitted to access application 222 and/or application data 224 maintained by server device 104 .

在框332中,客户端计算设备102从服务器设备104接收指示是否允许对应用222和/或应用数据224的访问的响应。在框334中,客户端计算设备102基于来自服务器设备104的响应来确定访问是否被允许。如果不是,则方法300循环回到框312以继续监测访问服务器设备104的请求。如果访问已经被允许,则方法300前进到框336。在框336中,客户端计算设备102允许应用202使用安全网络连接访问服务器设备104。应用202可以通过由受信许可证代理208建立的安全网络连接向服务器设备104发出请求和从服务器设备104接收数据。在允许访问安全网络连接之后,方法300循环回到框312以继续监测访问服务器设备104的请求。In block 332 , the client computing device 102 receives a response from the server device 104 indicating whether access to the application 222 and/or application data 224 is permitted. In block 334 , the client computing device 102 determines whether access is permitted based on the response from the server device 104 . If not, the method 300 loops back to block 312 to continue monitoring for requests to access the server device 104 . If access has been allowed, method 300 proceeds to block 336 . In block 336, the client computing device 102 allows the application 202 to access the server device 104 using the secure network connection. Application 202 may make requests to and receive data from server device 104 over a secure network connection established by trusted license broker 208 . After allowing access to the secure network connection, the method 300 loops back to block 312 to continue monitoring for requests to access the server device 104 .

现在参考图4,在使用中,服务器设备104可以执行用于安全服务器访问的方法400。方法400从框402开始,其中服务器设备104将机器标识符和用户标识符绑定到由客户端计算设备102执行的应用202的许可证。服务器设备104可以将用户标识符和机器标识符的特定组合与应用许可证相关联,例如通过将用户标识符和机器标识符存储在许可证数据228中。如上所述,用户标识符可以实施为标识客户端计算设备102的特定用户的任何用户凭证或其他数据。机器标识符可以被实施为安全且唯一地标识特定客户端计算设备102的任何数据。在一些实施例中,机器标识符还可以标识客户端计算设备102的安全位址空间206和许可证代理208。例如,机器标识符可以从在制造时嵌入在客户端计算设备102的安全位址空间支持122中的位址空间密封密钥导出或以其他方式基于在制造时嵌入在客户端计算设备102的安全位址空间支持122中的位址空间密封密钥。在一些实施例中,服务器设备104可以在服务来自客户端计算设备102的任何请求之前将用户标识符和机器标识符绑定到应用许可证,例如作为供应过程的一部分。另外或替代地,服务器设备104可以与客户端计算设备102进行通信,以将用户标识符和机器标识符绑定到应用许可证。Referring now to FIG. 4, in use, the server device 104 may perform a method 400 for secure server access. Method 400 begins at block 402 , where server device 104 binds a machine identifier and a user identifier to a license of application 202 executed by client computing device 102 . Server device 104 may associate a particular combination of user identifier and machine identifier with an application license, such as by storing the user identifier and machine identifier in license data 228 . As noted above, a user identifier may be implemented as any user credentials or other data that identifies a particular user of client computing device 102 . A machine identifier may be implemented as any data that securely and uniquely identifies a particular client computing device 102 . In some embodiments, the machine identifier may also identify the secure address space 206 and the license broker 208 of the client computing device 102 . For example, the machine identifier may be derived from an address space sealing key embedded in the secure address space support 122 of the client computing device 102 at the time of manufacture or otherwise based on a secure address space support 122 embedded in the client computing device 102 at the time of manufacture. The address space supports 122 the address space sealing key. In some embodiments, server device 104 may bind the user identifier and machine identifier to the application license prior to servicing any requests from client computing device 102, eg, as part of a provisioning process. Additionally or alternatively, server device 104 may communicate with client computing device 102 to bind the user identifier and the machine identifier to the application license.

在一些实施例中,在框404中,服务器设备104可以将服务器挑战数据项发送到客户端计算设备102。挑战数据项可以被实施为任何时间戳、随机数、随机值或服务器设备104所知的其他值,并且可以用于防止重放攻击。可以根据服务器挑战数据项生成机器标识符。例如,机器标识符可以实施为服务器挑战数据项的密码散列和客户端计算设备102的位址空间密封密钥。在一些实施例中,在框406中,服务器设备104可以从客户端计算设备102接收机器标识符和/或用户标识符。另外或替代地,在一些实施例中,可以将服务器设备104配置有或接收来自不同的源(例如企业目录服务器)的机器标识符和/或用户标识符。In some embodiments, the server device 104 may send the server challenge data item to the client computing device 102 in block 404 . The challenge data item can be implemented as any timestamp, random number, random value, or other value known to server device 104, and can be used to prevent replay attacks. A machine identifier may be generated from a server challenge data item. For example, the machine identifier may be implemented as a cryptographic hash of the server challenge data item and an address space sealing key for the client computing device 102 . In some embodiments, the server device 104 may receive the machine identifier and/or the user identifier from the client computing device 102 in block 406 . Additionally or alternatively, in some embodiments, server device 104 may be configured with or receive machine identifiers and/or user identifiers from a different source (eg, an enterprise directory server).

在框408中,服务器设备104侦听由客户端计算设备102打开的安全网络连接。在框410中,服务器设备104确定是否已经打开了与客户端计算设备102的安全连接。如果不是,则方法400循环回到框408以继续监测安全连接。如果已经打开了安全连接,方法400前进到框412。In block 408 , the server device 104 listens for the secure network connection opened by the client computing device 102 . In block 410, the server device 104 determines whether a secure connection with the client computing device 102 has been opened. If not, method 400 loops back to block 408 to continue monitoring the secure connection. If a secure connection has been opened, method 400 proceeds to block 412 .

在框412中,服务器设备104执行对客户端计算设备102的远程证实。如上所述,远程证实允许服务器设备104验证客户端计算设备102执行的受信许可证代理208正在有效的安全位址空间206中执行,并且受信许可证代理208是真实的(即,受信许可证代理208未被篡改)。为了执行远程证实,服务器设备104可以执行SGX技术安全位址空间远程证实流程。In block 412 , server device 104 performs remote attestation to client computing device 102 . As described above, remote attestation allows the server device 104 to verify that the trusted license agent 208 executed by the client computing device 102 is executing in a valid secure address space 206 and that the trusted license agent 208 is authentic (i.e., the trusted license agent 208 has not been tampered with). To perform remote attestation, server device 104 may execute SGX technology secure address space remote attestation process.

在框414中,服务器设备104从客户端计算设备102接收安全位址空间206的测量。如上所述,该测量可被实施为一个安全值,其取决于添加到安全位址空间206的存储器页面的内容以及存储器页面被添加到安全位址空间206的顺序。例如,测量可以实施为在安全位址空间206的构建期间生成的安全日志的密码散列。可以使用客户端计算设备102的处理器120的专用处理器指令,例如EREPORT指令来生成测量。测量还可以绑定到客户端计算设备102的硬件。例如,测量可以包括使用与由客户端计算设备102建立的特定安全位址空间相关联的加密密钥(例如,报告密钥)生成的消息认证码(MAC)。在一些实施例中,客户端计算设备102可以使用与客户端计算设备102相关联的特定于设备的私有密钥创建的签名来替换测量的MAC。在框416中接收到测量之后,服务器设备104基于测量来验证安全位址空间是否完好。例如,服务器设备104可以将测量中包括的消息认证码、签名或其他数据与期望值进行比较。In block 414 , the server device 104 receives the measurement of the secure address space 206 from the client computing device 102 . As described above, this measure may be implemented as a security value that depends on the contents of the memory pages added to the secure address space 206 and the order in which the memory pages were added to the secure address space 206 . For example, the measurement may be implemented as a cryptographic hash of a security log generated during construction of the secure address space 206 . The measurements may be generated using dedicated processor instructions of the processor 120 of the client computing device 102, such as the EREPORT instruction. Measurements may also be bound to client computing device 102 hardware. For example, the measurement may include a message authentication code (MAC) generated using an encryption key (eg, a reporting key) associated with a particular secure address space established by the client computing device 102 . In some embodiments, client computing device 102 may replace the measured MAC with a signature created using a device-specific private key associated with client computing device 102 . After receiving the measurements in block 416, the server device 104 verifies whether the secure address space is intact based on the measurements. For example, server device 104 may compare message authentication codes, signatures, or other data included in the measurements to expected values.

在框418中,服务器设备104确定客户端计算设备102的安全位址空间206是否被成功验证。如果不是,则方法400循环回到框408以侦听附加的安全连接。在一些实施例中,服务器设备104可以关闭安全连接,向客户端计算设备102发送否定响应,记录错误,或者基于验证安全位址空间206的失败来执行任何其他适当的安全响应。如果安全位址空间206被成功验证,则方法400前进到方框420。In block 418, the server device 104 determines whether the secure address space 206 of the client computing device 102 was successfully authenticated. If not, method 400 loops back to block 408 to listen for additional secure connections. In some embodiments, server device 104 may close the secure connection, send a negative response to client computing device 102 , log an error, or perform any other appropriate security response based on failure to verify secure address space 206 . If the secure address space 206 is successfully verified, the method 400 proceeds to block 420 .

在框420中,服务器设备104从客户端计算设备102接收机器标识符和用户标识符。如上所述,机器标识符唯一地描述特定客户端计算设备102,并且可以绑定到客户端计算设备102的硬件,例如通过从位址空间密封密钥导出。用户标识符描述客户端计算设备102的当前认证的用户,并且可以包括用户认证因素(例如用户凭证)或从用户认证因素(例如用户凭证)导出。In block 420 , the server device 104 receives the machine identifier and the user identifier from the client computing device 102 . As noted above, the machine identifier uniquely describes a particular client computing device 102 and may be bound to the hardware of the client computing device 102, such as by being derived from an address space sealing key. The user identifier describes a currently authenticated user of the client computing device 102 and may include or be derived from user authentication factors (eg, user credentials).

在框422中,服务器设备104基于机器标识符和用户标识符来验证应用许可证。服务器设备104可以确定机器标识符和用户标识符的特定组合是否已被授权访问应用222和/或应用数据224。服务器设备104可以例如使用机器标识符和/或用户标识符来搜索许可证数据228。在框424中,服务器设备104确定应用许可证是否已被验证。如果不是,则方法400循环回到框408以侦听附加的安全连接。在一些实施例中,服务器设备104可以基于验证应用许可证的失败而关闭安全连接,向客户端计算设备102发送否定响应,记录错误,或执行任何其他适当的安全响应。如果应用许可证被成功验证,则方法400前进到框426。In block 422, the server device 104 verifies the application license based on the machine identifier and the user identifier. Server device 104 may determine whether a particular combination of machine identifier and user identifier is authorized to access application 222 and/or application data 224 . Server device 104 may search license data 228 using, for example, a machine identifier and/or a user identifier. In block 424, the server device 104 determines whether the application license has been verified. If not, method 400 loops back to block 408 to listen for additional secure connections. In some embodiments, server device 104 may close the secure connection, send a negative response to client computing device 102 , log an error, or perform any other appropriate security response based on failure to verify the application license. If the application license is successfully verified, the method 400 proceeds to block 426 .

在框426中,服务器设备104允许客户端计算设备102使用安全网络连接访问应用222和/或应用数据224。发送到客户端计算设备102的数据由安全网络连接进行发送保护。客户端计算设备102可以在应用会话的寿命期间使用安全网络连接来继续访问应用222和/或应用数据224。在允许客户端计算设备102访问应用222和/或应用数据224之后,方法400循环回到框408以侦听附加的安全连接。In block 426, the server device 104 allows the client computing device 102 to access the application 222 and/or the application data 224 using the secure network connection. Data sent to client computing device 102 is sent protected by a secure network connection. Client computing device 102 may continue to access application 222 and/or application data 224 using the secure network connection during the life of the application session. After allowing client computing device 102 to access application 222 and/or application data 224, method 400 loops back to block 408 to listen for additional secure connections.

示例example

本文公开的技术的说明性示例在下面提供。技术的一个实施例可以包括以下描述的示例中的任何一个或多个以及任何组合。Illustrative examples of the techniques disclosed herein are provided below. An embodiment of the technique may include any one or more and any combination of the examples described below.

示例1包括用于安全服务器访问的计算设备,所述计算设备包括:处理器,其包括安全位址空间支持;许可证代理加载器模块,用于将许可证代理加载到安全位址空间中;应用请求模块,用于由所述许可证代理从所述计算设备的应用接收访问远程服务器的请求;证实模块,由所述许可证代理经由在许可证代理和远程服务器之间的安全连接来执行安全位址空间向远程服务器的远程证实;用户认证模块,用于由所述许可证代理认证所述计算设备的用户;和服务器访问模块,用于(i)响应于对用户的认证,由所述许可证代理将机器标识符和用户标识符经由所述安全连接发送到远程服务器,其中所述机器标识符标识所述计算设备并且所述用户标识符标识所述计算设备的用户;以及(ii)由所述许可证代理响应于对所述机器标识符和用户标识符的认证而允许应用访问与远程服务器的安全连接。Example 1 includes a computing device for secure server access, the computing device comprising: a processor including secure address space support; a license agent loader module for loading a license agent into the secure address space; an application request module for receiving, by the license agent, a request from an application of the computing device to access a remote server; a validation module, executed by the license agent via a secure connection between the license agent and the remote server remote attestation of a secure address space to a remote server; a user authentication module for authenticating, by the license agent, a user of the computing device; and a server access module for (i) responsive to authentication of the user, by the The license agent sends a machine identifier and a user identifier to a remote server via the secure connection, wherein the machine identifier identifies the computing device and the user identifier identifies a user of the computing device; and (ii ) allowing, by the license agent, an application to access a secure connection with a remote server in response to authentication of the machine identifier and user identifier.

示例2包括示例1的主题,并且其中应用请求模块进一步响应于接收到访问远程服务器的请求而由许可证代理打开与远程服务器的安全连接。Example 2 includes the subject matter of Example 1, and wherein the application request module opens, by the license agent, a secure connection with the remote server further in response to receiving a request to access the remote server.

示例3包括示例1和2中任一项的主题,并且其中服务器访问模块进一步由许可证代理响应于机器标识符和用户标识符的发送而接收来自远程服务器的成功响应;其中允许所述应用响应于对所述机器标识符和用户标识符的认证来访问所述安全连接包括响应于对所述成功响应的接收而允许所述应用访问所述安全连接。Example 3 includes the subject matter of any one of Examples 1 and 2, and wherein the server access module further receives, by the license agent, a success response from the remote server in response to sending the machine identifier and the user identifier; wherein the application is allowed to respond Accessing the secure connection upon authentication of the machine identifier and user identifier includes allowing the application to access the secure connection in response to receiving the success response.

示例4包括示例1-3中任一项的主题,并且其中服务器访问模块进一步由许可证代理根据唯一密钥生成机器标识符,其中唯一密钥对安全位址空间和计算设备的组合是唯一的。Example 4 includes the subject matter of any of Examples 1-3, and wherein the server access module further generates, by the license agent, a machine identifier based on a unique key, wherein the unique key is unique to a combination of the secure address space and the computing device .

示例5包括示例1-4中任一项的主题,其中唯一密钥包括位址空间密封密钥。Example 5 includes the subject matter of any of Examples 1-4, wherein the unique key comprises an address space sealing key.

示例6包括示例1-5中任一项的主题,并且其中生成机器标识符还包括根据从远程服务器接收的服务器挑战数据项生成机器标识符。Example 6 includes the subject matter of any of Examples 1-5, and wherein generating the machine identifier further comprises generating the machine identifier from a server challenge data item received from the remote server.

示例7包括示例1-6中任一项的主题,并且其中执行安全位址空间的远程证实包括由许可证代理生成安全位址空间的测量;并由许可证代理将安全位址空间的测量发送到远程服务器。Example 7 includes the subject matter of any of Examples 1-6, and wherein performing the remote attestation of the secure address space includes generating, by the license agent, a measure of the secure address space; and sending, by the license agent, the measure of the secure address space to the remote server.

示例8包括示例1-7中任一项的主题,并且其中生成安全位址空间的测量包括生成指示与安全位址空间相关联的安全日志的测量,其中安全日志指示安全位址空间的内容和安全位址空间的创建顺序。Example 8 includes the subject matter of any of Examples 1-7, and wherein generating the measure of the secure address space comprises generating a measure indicative of a secure log associated with the secure address space, wherein the secure log indicates the contents of the secure address space and The order in which secure address spaces are created.

示例9包括示例1-8中任一个的主题,并且其中认证计算设备的用户包括从用户接收用户凭证。Example 9 includes the subject matter of any of Examples 1-8, and wherein authenticating the user of the computing device includes receiving user credentials from the user.

示例10包括示例1-9中任一项的主题,并且其中从用户接收用户凭证包括使用计算设备的受信I/O路径接收用户凭证。Example 10 includes the subject matter of any of Examples 1-9, and wherein receiving the user credentials from the user includes receiving the user credentials using a trusted I/O path of the computing device.

示例11包括用于安全服务器访问的计算设备,所述计算设备包括将第一机器标识符和第一用户标识符绑定到应用许可证的应用许可证模块,其中所述第一机器标识符标识客户端计算设备和由客户端计算设备的处理器建立的安全位址空间的特定组合,并且所述第一用户标识符标识所述客户端计算设备的特定用户;客户端计算设备模块,用于打开与所述客户端计算设备的安全连接;证实模块,用于经由所述安全连接来执行所述客户端计算设备的安全位址空间的远程证实;以及访问验证模块,用于(i)经由所述安全连接从所述客户端计算设备接收第二机器标识符和第二用户标识符,以及(ii)确定所述第二机器标识符是否匹配所述第一机器标识符以及所述第二用户标识符是否匹配第一用户标识符;其中所述客户端计算设备模块进一步用于响应于(i)所述安全位址空间的远程证实的执行和(ii)所述第二机器标识符与第一机器标识符匹配并且第二用户标识符与第一用户标识符匹配的确定而允许所述客户端计算设备经由所述安全连接访问所述计算设备的数据。Example 11 includes a computing device for secure server access, the computing device including an application license module that binds a first machine identifier and a first user identifier to an application license, wherein the first machine identifier identifies a specific combination of a client computing device and a secure address space established by a processor of the client computing device, and the first user identifier identifies a specific user of the client computing device; a client computing device module for Opening a secure connection with the client computing device; an attestation module for performing remote attestation of the client computing device's secure address space via the secure connection; and an access verification module for (i) via The secure connection receives a second machine identifier and a second user identifier from the client computing device, and (ii) determines whether the second machine identifier matches the first machine identifier and the second whether the user identifier matches the first user identifier; wherein the client computing device module is further operable to respond to (i) performance of remote attestation of the secure address space and (ii) matching of the second machine identifier to A determination that the first machine identifier matches and that the second user identifier matches the first user identifier allows the client computing device to access data of the computing device via the secure connection.

示例12包括示例11的主题,并且其中允许客户端计算设备访问数据包括向客户端计算设备发送成功响应。Example 12 includes the subject matter of Example 11, and wherein allowing the client computing device to access the data includes sending a success response to the client computing device.

示例13包括示例11和12中任一项的主题,并且其中第一机器标识符是根据唯一密钥而生成的,其中唯一密钥对于客户端计算设备和客户端计算设备的所述安全位址空间的组合是唯一的。Example 13 includes the subject matter of any of Examples 11 and 12, and wherein the first machine identifier is generated from a unique key that is specific to the client computing device and the secure address of the client computing device The combination of spaces is unique.

示例14包括示例11-13中任一项的主题,并且其中唯一密钥包括位址空间密封密钥。Example 14 includes the subject matter of any of Examples 11-13, and wherein the unique key comprises an address space sealing key.

示例15包括示例11-14中任一项的主题,并且其中将第一机器标识符和第一用户标识符绑定到应用许可证包括从客户端计算设备接收第一机器标识符和第一用户标识符。Example 15 includes the subject matter of any of Examples 11-14, and wherein binding the first machine identifier and the first user identifier to the application license includes receiving the first machine identifier and the first user identifier from the client computing device identifier.

示例16包括示例11-15中任一项的主题,并且其中将第一机器标识符和第一用户标识符绑定到应用许可证包括将服务器挑战数据项发送到客户端计算设备,其中,机器标识符进一步指示服务器挑战数据项。Example 16 includes the subject matter of any of Examples 11-15, and wherein binding the first machine identifier and the first user identifier to the application license includes sending a server challenge data item to the client computing device, wherein the machine The identifier further instructs the server to challenge the data item.

示例17包括示例11-16中任一项的主题,并且其中执行客户端计算设备的安全位址空间的远程证实包括经由安全连接接收安全位址空间的测量;并且基于安全位址空间的测量来验证安全位址空间是完好的。Example 17 includes the subject matter of any of Examples 11-16, and wherein performing the remote attestation of the secure address space of the client computing device comprises receiving a measure of the secure address space via the secure connection; and based on the measure of the secure address space, Verify that the secure address space is intact.

示例18包括示例11-17中任一项的主题,并且其中安全位址空间的测量指示与安全位址空间相关联的安全日志,其中安全日志指示安全位址空间的内容,以及创建安全位址空间的顺序。Example 18 includes the subject matter of any of Examples 11-17, and wherein the measurement of the secure address space indicates a security log associated with the secure address space, wherein the security log indicates contents of the secure address space, and creating the secure address space order of space.

示例19包括用于安全服务器访问的方法,该方法包括由计算设备将许可证代理加载到由计算设备的处理器建立的安全位址空间中;由许可证代理从计算设备的应用接收访问远程服务器的请求;由许可证代理经由在许可证代理和远程服务器之间的安全连接来执行安全位址空间向远程服务器的远程证实;由所述许可证代理认证所述计算设备的用户;响应于对所述用户进行认证,所述许可证代理通过所述安全连接向所述远程服务器发送机器标识符和用户标识符,其中所述机器标识符标识所述计算设备,并且所述用户标识符标识所述计算设备的用户;并且由所述许可证代理响应于认证所述机器标识符和所述用户标识符而允许应用访问与所述远程服务器的安全连接。Example 19 includes a method for secure server access, the method comprising loading, by a computing device, a license agent into a secure address space established by a processor of the computing device; receiving, by the license agent, access to the remote server from an application of the computing device performing a remote attestation of the secure address space to the remote server by the license agent via a secure connection between the license agent and the remote server; authenticating the user of the computing device by the license agent; in response to The user authenticates, the license agent sends a machine identifier and a user identifier to the remote server over the secure connection, wherein the machine identifier identifies the computing device and the user identifier identifies the a user of the computing device; and allowing, by the license agent, an application to access a secure connection with the remote server in response to authenticating the machine identifier and the user identifier.

示例20包括示例19的主题,并且还包括响应于接收到访问远程服务器的请求而由许可证代理打开与远程服务器的安全连接。Example 20 includes the subject matter of Example 19, and further includes opening, by the license agent, a secure connection with the remote server in response to receiving a request to access the remote server.

示例21包括示例19和20中任一项的主题,并且还包括由许可证代理响应于发送机器标识符和用户标识符而接收来自远程服务器的成功响应;其中响应于认证机器标识符和用户标识符而允许应用访问安全连接包括响应于接收到成功响应而允许应用访问安全连接。Example 21 includes the subject matter of any one of Examples 19 and 20, and further includes receiving, by the license agent, a success response from the remote server in response to sending the machine identifier and the user identifier; wherein in response to authenticating the machine identifier and the user identifier Allowing the application to access the secure connection in response to receiving the success response includes allowing the application to access the secure connection.

示例22包括示例19-21中任一项的主题,并且还包括由许可证代理根据唯一密钥生成的机器标识符,其中唯一密钥对于安全位址空间和计算设备的组合是唯一的。Example 22 includes the subject matter of any of Examples 19-21, and further includes the machine identifier generated by the license agent based on the unique key, where the unique key is unique to the combination of the secure address space and the computing device.

示例23包括示例19-22中任一项的主题,并且其中唯一密钥包括位址空间密封密钥。Example 23 includes the subject matter of any of Examples 19-22, and wherein the unique key comprises an address space sealing key.

示例24包括示例19-23中任一项的主题,并且其中生成机器标识符还包括根据从远程服务器接收的服务器挑战数据项生成机器标识符。Example 24 includes the subject matter of any of Examples 19-23, and wherein generating the machine identifier further comprises generating the machine identifier from a server challenge data item received from the remote server.

示例25包括示例19-24中任一项的主题,并且其中执行安全位址空间的远程证实包括由许可证代理生成安全位址空间的测量;并且由许可证代理将安全位址空间的测量发送到远程服务器。Example 25 includes the subject matter of any of Examples 19-24, and wherein performing the remote attestation of the secure address space includes generating, by the license agent, a measure of the secure address space; and sending, by the license agent, the measure of the secure address space to the remote server.

示例26包括示例19-25中任一项的主题,并且其中生成安全位址空间的测量包括生成指示与安全位址空间相关联的安全日志的测量,其中安全日志指示安全位址空间的内容和安全位址空间的创建顺序。Example 26 includes the subject matter of any of Examples 19-25, and wherein generating the measure of the secure address space comprises generating a measure indicative of a secure log associated with the secure address space, wherein the secure log indicates the contents of the secure address space and The order in which secure address spaces are created.

示例27包括示例19-26中任一项的主题,并且其中认证计算设备的用户包括从用户接收用户凭证。Example 27 includes the subject matter of any of Examples 19-26, and wherein authenticating the user of the computing device includes receiving user credentials from the user.

示例28包括示例19-27中任一项的主题,并且其中从用户接收用户凭证包括使用计算设备的受信I/O路径来接收用户凭证。Example 28 includes the subject matter of any of Examples 19-27, and wherein receiving the user credentials from the user includes receiving the user credentials using a trusted I/O path of the computing device.

示例29包括用于安全服务器访问的方法,该方法包括:由计算设备将第一机器标识符和第一用户标识符绑定到应用许可证,其中所述第一机器标识符标识客户端计算设备和由客户端计算设备的处理器建立的安全位址空间的特定组合,并且其中所述第一用户标识符标识所述客户端计算设备的特定用户;由所述计算设备打开与所述客户端计算设备的安全连接;由所述计算设备经由所述安全连接执行所述客户端计算设备对所述安全位址空间的远程证实;由所述计算设备经由所述安全连接从所述客户端计算设备接收第二机器标识符和第二用户标识符;由所述计算设备确定所述第二机器标识符是否与所述第一机器标识符匹配以及所述第二用户标识符是否与所述第一用户标识符匹配;并且响应于(i)执行所述安全位址空间的远程证实,以及(ii)确定所述第二机器标识符与所述第一机器标识符匹配并且所述第二用户标识符与所述第一用户标识符匹配,所述计算设备允许所述客户端计算设备经由所述安全连接访问所述计算设备的数据。Example 29 includes a method for securing server access, the method comprising binding, by the computing device, a first machine identifier and a first user identifier to an application license, wherein the first machine identifier identifies the client computing device and a specific combination of a secure address space established by a processor of a client computing device, and wherein the first user identifier identifies a specific user of the client computing device; opened by the computing device to communicate with the client a secure connection to a computing device; performing, by the computing device via the secure connection, remote attestation of the secure address space by the client computing device; computing from the client via the secure connection by the computing device receiving a second machine identifier and a second user identifier at the device; determining, by the computing device, whether the second machine identifier matches the first machine identifier and whether the second user identifier matches the first a user identifier matches; and in response to (i) performing a remote attestation of the secure address space, and (ii) determining that the second machine identifier matches the first machine identifier and that the second user The identifier matches the first user identifier, and the computing device allows the client computing device to access data of the computing device via the secure connection.

示例30包括示例29的主题,并且其中允许客户端计算设备访问数据包括向客户端计算设备发送成功响应。Example 30 includes the subject matter of Example 29, and wherein allowing the client computing device to access the data includes sending a success response to the client computing device.

示例31包括示例29和30中任一项的主题,并且其中第一机器标识符是根据唯一密钥而生成的,其中唯一密钥对于客户端计算设备和客户端计算设备的安全位址空间的组合是唯一的。Example 31 includes the subject matter of any of Examples 29 and 30, and wherein the first machine identifier is generated based on a unique key that is specific to the client computing device and the secure address space of the client computing device Combinations are unique.

示例32包括示例29-31中任一项的主题,并且其中唯一密钥包括位址空间密封密钥。Example 32 includes the subject matter of any of Examples 29-31, and wherein the unique key comprises an address space sealing key.

示例33包括示例29-32中任一项的主题,并且其中将第一机器标识符和第一用户标识符绑定到应用许可证包括从客户端计算设备接收第一机器标识符和第一用户标识符。Example 33 includes the subject matter of any of Examples 29-32, and wherein binding the first machine identifier and the first user identifier to the application license includes receiving the first machine identifier and the first user identifier from the client computing device identifier.

示例34包括示例29-33中任一项的主题,并且其中将第一机器标识符和第一用户标识符绑定到应用许可证包括向客户端计算设备发送服务器挑战数据项,其中机器标识符进一步指示服务器挑战数据项。Example 34 includes the subject matter of any of Examples 29-33, and wherein binding the first machine identifier and the first user identifier to the application license includes sending a server challenge data item to the client computing device, wherein the machine identifier Further instructs the server to challenge the data item.

示例35包括示例29-34中任一项的主题,并且其中执行客户端计算设备的安全位址空间的远程证实包括:经由安全连接接收安全位址空间的测量;并基于安全位址空间的测量来验证安全位址空间是完好的。Example 35 includes the subject matter of any of Examples 29-34, and wherein performing the remote attestation of the secure address space of the client computing device comprises: receiving a measure of the secure address space via the secure connection; and based on the measure of the secure address space to verify that the secure address space is intact.

示例36包括示例29-35中任一项的主题,其中安全位址空间的测量指示与安全位址空间相关联的安全日志,其中安全日志指示安全位址空间的内容和安全位址空间的创建顺序。Example 36 includes the subject matter of any of Examples 29-35, wherein the measurement of the secure address space indicates a security log associated with the secure address space, wherein the security log indicates content of the secure address space and creation of the secure address space order.

示例37包括计算设备,计算设备包括处理器;以及存储器,存储器中存储有多个指令,当由处理器执行时,使得计算设备执行示例19-36中任一个的方法。Example 37 includes a computing device comprising a processor; and a memory having stored therein a plurality of instructions that, when executed by the processor, cause the computing device to perform the method of any one of Examples 19-36.

示例38包括一个或多个机器可读存储介质,其包括存储在其上的多个指令,响应于指令执行而使得计算设备执行示例19-36中任一项的方法。Example 38 includes one or more machine-readable storage media comprising a plurality of instructions stored thereon that, in response to execution of the instructions, cause a computing device to perform the method of any one of Examples 19-36.

示例39包括计算设备,其包括用于执行示例19-36中任一项的方法的单元。Example 39 includes a computing device comprising means for performing the method of any of Examples 19-36.

示例40包括用于安全服务器访问的计算设备,所述计算设备包括:用于将许可证代理加载到由所述计算设备的处理器建立的安全位址空间中的单元;用于由所述许可证代理从所述计算设备的应用接收访问远程服务器的请求的单元;由许可证代理经由许可证代理和远程服务器之间的安全连接来执行安全位址空间向远程服务器的远程证实的单元;用于由所述许可证代理认证所述计算设备的用户的单元;用于响应于认证所述用户而通过所述许可证代理将将机器标识符和用户标识符经由安全连接发送到所述远程服务器的单元,其中所述机器标识符标识所述计算设备,并且所述用户标识符标识所述计算设备的用户;以及用于由许可证代理响应于认证机器标识符和用户标识符而允许应用而访问与远程服务器的安全连接的单元。Example 40 includes a computing device for secure server access, the computing device comprising: means for loading a license agent into a secure address space established by a processor of the computing device; A unit for receiving a request for access to a remote server by the license agent from an application of the computing device; a unit for performing remote attestation of the secure address space to the remote server by the license agent via a secure connection between the license agent and the remote server; means for authenticating a user of the computing device by the license agent; for sending, by the license agent, a machine identifier and a user identifier to the remote server via a secure connection in response to authenticating the user means for wherein the machine identifier identifies the computing device and the user identifier identifies a user of the computing device; and for allowing an application, by a license agent, to A unit to access a secure connection to a remote server.

示例41包括示例40的主题,并且还包括用于响应于接收到访问远程服务器的请求而由许可证代理打开与远程服务器的安全连接的单元。Example 41 includes the subject matter of Example 40, and further includes means for opening, by the license agent, a secure connection with the remote server in response to receiving a request to access the remote server.

示例42包括示例40和41中任一项的主题,并且还包括用于响应于发送机器标识符和用户标识符而由许可证代理从远程服务器接收成功响应的单元;其中用于响应于认证机器标识符和用户标识符而允许应用访问安全连接的单元包括用于响应于成功响应而允许应用访问安全连接的单元。Example 42 includes the subject matter of any one of Examples 40 and 41, and further includes means for receiving, by the license agent, a success response from the remote server in response to sending the machine identifier and the user identifier; wherein in response to authenticating the machine The means for allowing the application to access the secure connection using the identifier and the user identifier includes means for allowing the application to access the secure connection in response to a successful response.

示例43包括示例40-42中任一项的主题,并且还包括用于由许可证代理根据唯一密钥生成机器标识符的单元,其中唯一密钥对于安全位址空间和计算设备的组合是唯一的。Example 43 includes the subject matter of any of Examples 40-42, and further includes means for generating, by the license agent, a machine identifier based on a unique key that is unique to the combination of the secure address space and the computing device of.

示例44包括示例40-43中任一项的主题,并且其中唯一密钥包括位址空间密封密钥。Example 44 includes the subject matter of any of Examples 40-43, and wherein the unique key comprises an address space sealing key.

示例45包括示例40-44中任一项的主题,并且其中用于生成机器标识符的单元还包括用于根据从远程服务器接收的服务器挑战数据项生成机器标识符的单元。Example 45 includes the subject matter of any of Examples 40-44, and wherein the means for generating the machine identifier further comprises means for generating the machine identifier from a server challenge data item received from the remote server.

示例46包括示例40-45中任一项的主题,并且其中用于执行安全位址空间的远程证实的单元包括用于由许可证代理生成安全位址空间的测量的单元;以及用于由许可证代理将安全位址空间的测量发送到远程服务器的单元。Example 46 includes the subject matter of any of Examples 40-45, and wherein the means for performing remote attestation of the secure address space comprises means for generating, by the license agent, a measure of the secure address space; A means for an authentication agent to send a measure of a secure address space to a remote server.

示例47包括示例40-46中任一项的主题,并且其中用于生成安全位址空间的测量的单元包括用于生成指示与安全位址空间相关联的安全日志的测量的单元,其中安全日志表示安全位址空间的内容和安全位址空间的创建顺序。Example 47 includes the subject matter of any of Examples 40-46, and wherein the means for generating a measure of the secure address space comprises means for generating a measure indicative of a secure log associated with the secure address space, wherein the secure log Indicates the contents of the secure address space and the order in which the secure address space is created.

示例48包括示例40-47中任一项的主题,并且其中用于认证计算设备的用户的单元包括用于从用户接收用户凭证的单元。Example 48 includes the subject matter of any of Examples 40-47, and wherein the means for authenticating a user of the computing device includes means for receiving user credentials from the user.

示例49包括示例40-48中任一项的主题,并且其中用于从用户接收用户凭证的单元包括用于使用计算设备的受信I/O路径接收用户凭证的单元。Example 49 includes the subject matter of any of Examples 40-48, and wherein the means for receiving user credentials from the user comprises means for receiving user credentials using a trusted I/O path of the computing device.

示例50包括用于安全服务器访问的计算设备,所述计算设备包括:用于将第一机器标识符和第一用户标识符绑定到应用许可证的单元,其中所述第一机器标识符标识客户端计算设备和由所述客户端计算设备的处理器建立的安全位址空间的特定组合,并且其中所述第一用户标识符标识所述客户端计算设备的特定用户;用于打开与所述客户端计算设备的安全连接的单元;用于经由所述安全连接来执行所述客户端计算设备的安全位址空间的远程证实的单元;用于经由所述安全连接从所述客户端计算设备接收第二机器标识符和第二用户标识符的单元;用于确定所述第二机器标识符是否与所述第一机器标识符匹配以及所述第二用户标识符是否与所述第一用户标识符匹配的单元;以及用于响应于(i)执行所述安全位址空间的远程证实,以及(ii)确定第二机器标识符与第一机器标识符匹配以及第二用户标识符与第一用户标识符匹配而允许客户端计算设备经由安全连接访问计算设备的数据的单元。Example 50 includes a computing device for secure server access, the computing device comprising: means for binding a first machine identifier and a first user identifier to an application license, wherein the first machine identifier identifies a specific combination of a client computing device and a secure address space established by a processor of the client computing device, and wherein the first user identifier identifies a specific user of the client computing device; means for a secure connection of the client computing device; means for performing remote attestation of a secure address space of the client computing device via the secure connection; for computing from the client computing device via the secure connection means for receiving a second machine identifier and a second user identifier; for determining whether the second machine identifier matches the first machine identifier and whether the second user identifier matches the first means for user identifier matching; and means for performing remote attestation of the secure address space in response to (i) and (ii) determining that the second machine identifier matches the first machine identifier and the second user identifier matches the The first user identifier matches to allow the client computing device to access elements of the computing device's data via the secure connection.

示例51包括示例50的主题,并且其中用于允许客户端计算设备访问数据的单元包括用于向客户端计算设备发送成功响应的单元。Example 51 includes the subject matter of Example 50, and wherein the means for allowing the client computing device to access the data comprises means for sending a success response to the client computing device.

示例52包括示例50和51中任一个的主题,并且其中第一机器标识符是根据唯一密钥生成的,其中唯一密钥对于客户端计算设备和客户端计算设备的安全位址空间的组合是唯一的。Example 52 includes the subject matter of any one of Examples 50 and 51, and wherein the first machine identifier is generated from a unique key, wherein the unique key for a combination of the client computing device and the secure address space of the client computing device is only.

示例53包括示例50-52中任一项的主题,并且其中唯一密钥包括位址空间密封密钥。Example 53 includes the subject matter of any of Examples 50-52, and wherein the unique key comprises an address space sealing key.

示例54包括示例50-53中任一个的主题,并且其中用于将第一机器标识符和第一用户标识符绑定到应用许可证的单元包括用于从客户端计算设备接收第一机器标识符和第一用户标识符的单元。Example 54 includes the subject matter of any of Examples 50-53, and wherein the means for binding the first machine identifier and the first user identifier to the application license comprises receiving the first machine identification from the client computing device symbol and the unit of the first user identifier.

示例55包括示例50-54中任一项的主题,并且其中用于将第一机器标识符和第一用户标识符绑定到应用许可证的单元包括用于将服务器挑战数据项发送到客户端计算设备的单元,其中所述机器标识符进一步指示服务器挑战数据项。Example 55 includes the subject matter of any of Examples 50-54, and wherein the means for binding the first machine identifier and the first user identifier to the application license comprises sending a server challenge data item to the client The element of computing device, wherein the machine identifier further instructs the server to challenge the data item.

示例56包括示例50-55中任一项的主题,并且其中用于执行客户端计算设备的安全位址空间的远程证实的单元包括用于经由安全连接接收安全位址空间的测量的单元;以及用于基于安全位址空间的测量来验证安全位址空间是完好的单元。Example 56 includes the subject matter of any of Examples 50-55, and wherein the means for performing remote verification of the secure address space of the client computing device comprises means for receiving a measure of the secure address space via the secure connection; and Used to verify that the secure address space is a sound unit based on measurements of the secure address space.

示例57包括示例50-56中任一项的主题,其中安全位址空间的测量指示与安全位址空间相关联的安全日志,其中安全日志指示安全位址空间的内容和安全位址空间的创建顺序。Example 57 includes the subject matter of any of Examples 50-56, wherein the measurement of the secure address space is indicative of a security log associated with the secure address space, wherein the security log is indicative of content of the secure address space and creation of the secure address space order.

Claims (25)

1. a kind of computing device accessed for security server, the computing device include:
Processor, it includes safe address space and supported;
Licence broker loader module, for licence broker to be loaded into safe address space;
Application request module, remote server is accessed for being received by the licence broker from the application of the computing device Request;
Module is confirmed, is connected by the licence broker via the safety between the licence broker and the remote server Fetch the long-range confirmation for performing the safe address space to the remote server;
User authentication module, the user for the computing device as described in the licence broker certification;And
Server access module, for (i) by the licence broker in response to the certification to the user and by machine identification Symbol and user identifier are sent to the remote server via the secure connection, wherein described in machine identifier mark Computing device, and the user identifier identifies the user of the computing device;And (ii) by the licensing generation Reason allows the application to access and the long-range clothes in response to the certification to the machine identifier and the user identifier The secure connection of business device.
2. computing device according to claim 1, wherein:
The server access module is further used for by the licence broker in response to the machine identifier and described The transmission of user identifier and from the remote server receive success response;
Wherein, the application is allowed to access the peace in response to the certification to the machine identifier and the user identifier Full connection includes:The application is allowed to access the secure connection in response to the reception to the success response.
3. computing device according to claim 1, wherein, the server access module is further used for by the license Card agency generates the machine identifier according to unique key, wherein, the unique key includes empty for the safe address Between and the combination of the computing device be unique address space sealed key.
4. computing device according to claim 3, wherein, generating the machine identifier is also included according to from described long-range The server-challenge data item that server receives generates the machine identifier.
5. according to the computing device any one of claim 1-4, wherein, the long-range card of the execution safe address space Include in fact:
The measurement of the safe address space is generated by the licence broker, wherein, the measurement instruction and the security bit The security log of location space correlation connection, wherein, the security log indicates the content of the safe address space and the safety The establishment order of address space;And
The measurement of the safe address space is sent to the remote server by the licence broker.
6. according to the computing device any one of claim 1-4, wherein, the user bag of computing device described in certification Include and receive user's voucher from the user using the trusted I/O paths of the computing device.
7. a kind of computing device accessed for security server, the computing device include:
Using licensing module, for the first machine identifier and the first user identifier to be tied to using licensing, wherein The first machine identifier mark client computing device and the safety established by the processor of the client computing device The particular combination of address space, and first user identifier identifies the specific user of the client computing device;
Client computing device module, for opening the secure connection with the client computing device;
Module is confirmed, for performing the safe address space of the client computing device via the secure connection It is long-range to confirm;And
Authentication module is accessed, the second machine identification is received from the client computing device via the secure connection for (i) Symbol and second user identifier, and (ii) determine second machine identifier whether with first machine identifier Match somebody with somebody, and the second user identifier whether with first subscriber identifier matches;
Wherein described client computing device module is further used in response to the long-range confirmation of safe address space (i) described Perform and (ii) described second machine identifier is matched with first machine identifier and the second user identifier With the determination of first subscriber identifier matches, and allow the client computing device via the secure connection access institute State the data of computing device.
8. computing device according to claim 7, wherein, it is allowed to the client computing device, which accesses the data, to be included Success response is sent to the client computing device.
9. computing device according to claim 7, wherein, first machine identifier is generated according to unique key , wherein the unique key includes the security bit for the client computing device and the client computing device The combination in location space is unique address space sealed key.
10. computing device according to claim 7, wherein, first machine identifier and first user are marked Knowing symbol and being tied to the application licensing includes receiving first machine identifier and described from the client computing device First user identifier.
11. computing device according to claim 7, wherein, first machine identifier and first user are marked Know symbol and be tied to the application licensing including server-challenge data item is sent into the client computing device, wherein institute State machine identifier and further indicate the server-challenge data item.
12. according to the computing device any one of claim 7-11, wherein, perform the institute of the client computing device Stating the long-range confirmation of safe address space includes:
The measurement of the safe address space, the measurement instruction and the safe address space are received via the secure connection Associated security log, wherein, the security log indicates that the content of the safe address space and the safe address are empty Between establishment order;And
Measuring to verify that the safe address space is intact based on the safe address space.
13. a kind of method accessed for security server, methods described include:
Licence broker is loaded into the safe address space by the processor foundation of the computing device by computing device;
The request for accessing remote server is received from the application of the computing device by the licence broker;
Performed by the licence broker via the secure connection between the licence broker and the remote server Long-range confirmation of the safe address space to the remote server;
The user of computing device as described in the licence broker certification;
By the licence broker in response to being authenticated to the user and by machine identifier and user identifier via institute State secure connection and be sent to the remote server, wherein the machine identifier identifies the computing device, and the use Family identifier identifies the user of the computing device;And
Allow described answer in response to the certification to the machine identifier and the user identifier by the licence broker With the secure connection accessed with the remote server.
14. according to the method for claim 13, in addition to by the licence broker according to unique key generate the machine Device identifier, wherein, the combination that the unique key includes for the safe address space and the computing device is unique Address space sealed key.
15. according to the method for claim 14, wherein, generating the machine identifier also includes remotely taking according to from described The server-challenge data item that business device receives generates the machine identifier.
16. according to the method for claim 13, wherein, performing the long-range confirmation of the safe address space includes:
The measurement of the safe address space, the measurement instruction and the safe address space are generated by the licence broker Associated security log, wherein, the security log indicates that the content of the safe address space and the safe address are empty Between establishment order;And
The measurement of the safe address space is sent to the remote server by the licence broker.
17. according to the method for claim 13, wherein, the user of computing device described in certification sets including the use of the calculating Standby trusted I/O paths receive user's voucher from the user.
18. a kind of method accessed for security server, methods described include:
The first machine identifier and the first user identifier are tied to using licensing by computing device, wherein first machine Device identifier identifies client computing device and the safe address space established by the processor of the client computing device Particular combination, and wherein described first user identifier identifies the specific user of the client computing device;
Secure connection with the client computing device is opened by the computing device;
The safe address space of the client computing device is performed via the secure connection by the computing device Long-range confirmation;
By the computing device the second machine identifier and the are received via the secure connection from the client computing device Two user identifiers;
Determine whether second machine identifier matches and described with first machine identifier by the computing device Second user identifier whether with first subscriber identifier matches;And
Perform the long-range confirmation of the safe address space in response to (i), and (ii) determine second machine identifier with The first machine identifier matching and the second user identifier and first subscriber identifier matches, the calculating Equipment allows data of the client computing device via the secure connection access computing device.
19. according to the method for claim 18, wherein, first machine identifier is generated according to unique key , wherein the unique key includes the security bit for the client computing device and the client computing device The combination in location space is unique address space sealed key.
20. the method according to claim 11, wherein, by first machine identifier and first user identifier Being tied to the application licensing includes receiving first machine identifier and described first from the client computing device User identifier.
21. the method according to claim 11, wherein, by first machine identifier and first user identifier Being tied to the application licensing includes server-challenge data item being sent to the client computing device, wherein the machine Device identifier further indicates the server-challenge data item.
22. according to the method for claim 18, wherein, perform the safe address space of the client computing device Long-range confirmation include:
The measurement of the safe address space, the measurement instruction and the safe address space are received via the secure connection Associated security log, wherein, the security log indicates that the content of the safe address space and the safe address are empty Between establishment order;And
Measuring to verify that the safe address space is intact based on the safe address space.
23. a kind of computing device, including:
Processor;With
Memory, there is the multiple instruction being stored thereon, the instruction is when by setting the calculating during computing device The standby method performed according to any one of claim 13-22.
24. one or more machinable mediums, including the multiple instruction being stored thereon, the instruction is in response to being held Go and cause method of the computing device according to any one of claim 13-22.
25. a kind of computing device, including for performing the module of the method according to any one of claim 13-22.
CN201680012399.2A 2015-03-27 2016-02-26 Techniques for secure server access using a trusted license proxy Active CN107409128B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US14/670,959 2015-03-27
US14/670,959 US9749323B2 (en) 2015-03-27 2015-03-27 Technologies for secure server access using a trusted license agent
PCT/US2016/019791 WO2016160209A1 (en) 2015-03-27 2016-02-26 Technologies for secure server access using a trusted license agent

Publications (2)

Publication Number Publication Date
CN107409128A true CN107409128A (en) 2017-11-28
CN107409128B CN107409128B (en) 2020-12-04

Family

ID=56974458

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201680012399.2A Active CN107409128B (en) 2015-03-27 2016-02-26 Techniques for secure server access using a trusted license proxy

Country Status (4)

Country Link
US (2) US9749323B2 (en)
EP (1) EP3275159B1 (en)
CN (1) CN107409128B (en)
WO (1) WO2016160209A1 (en)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10832818B2 (en) 2013-10-11 2020-11-10 Masimo Corporation Alarm notification system
US9749323B2 (en) * 2015-03-27 2017-08-29 Intel Corporation Technologies for secure server access using a trusted license agent
CN105187282B (en) * 2015-08-13 2018-10-26 小米科技有限责任公司 Control method, device, system and the equipment of smart home device
US9578054B1 (en) 2015-08-31 2017-02-21 Newman H-R Computer Design, LLC Hacking-resistant computer design
CN106960148B (en) * 2016-01-12 2021-05-14 阿里巴巴集团控股有限公司 Method and device for distributing equipment identifiers
US11290425B2 (en) * 2016-02-01 2022-03-29 Airwatch Llc Configuring network security based on device management characteristics
US10338957B2 (en) 2016-12-27 2019-07-02 Intel Corporation Provisioning keys for virtual machine secure enclaves
US10530777B2 (en) * 2017-01-24 2020-01-07 Microsoft Technology Licensing, Llc Data unsealing with a sealing enclave
US10911451B2 (en) 2017-01-24 2021-02-02 Microsoft Technology Licensing, Llc Cross-platform enclave data sealing
US10749690B2 (en) 2017-03-10 2020-08-18 Samsung Electronics Co., Ltd. System and method for certificate authority for certifying accessors
US10726120B2 (en) * 2017-03-31 2020-07-28 Intel Corporation System, apparatus and method for providing locality assertion between a security processor and an enclave
US10986078B2 (en) * 2017-11-21 2021-04-20 Vmware, Inc. Adaptive device enrollment
US10749870B2 (en) 2017-11-21 2020-08-18 Vmware, Inc. Adaptive device enrollment
US10798103B2 (en) 2017-11-21 2020-10-06 VWware, Inc. Adaptive device enrollment
US10972468B2 (en) 2017-11-21 2021-04-06 Vmware, Inc. Adaptive device enrollment
KR102537788B1 (en) 2018-11-28 2023-05-30 삼성전자주식회사 Server and method for determining the integrity of the appliacion using thereof
CN110998575B (en) * 2019-04-19 2024-04-16 创新先进技术有限公司 Method and apparatus for executing trusted applications on a processor supporting a protected execution environment
US12039057B2 (en) * 2021-12-03 2024-07-16 Paypal, Inc. Implementing a cryptography agent and a secure hardware-based enclave to prevent computer hacking of client applications
US12401543B2 (en) 2022-12-29 2025-08-26 Garantir LLC Sharing secrets over one or more computer networks using proxies
US11736461B1 (en) * 2022-12-29 2023-08-22 Garantir LLC Sharing secrets over one or more computer networks using proxies

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080086777A1 (en) * 2006-10-06 2008-04-10 Macrovision Corporation Computer-implemented method and system for binding digital rights management information to a software application
CN101183417A (en) * 2006-11-16 2008-05-21 达诺媒体有限公司 Systems and methods for collaborative content distribution and generation
US20110142510A1 (en) * 2008-08-06 2011-06-16 Kabushiki Kaisha Toshiba Fixing device
US20120166795A1 (en) * 2010-12-24 2012-06-28 Wood Matthew D Secure application attestation using dynamic measurement kernels
CN103037312A (en) * 2011-10-08 2013-04-10 阿里巴巴集团控股有限公司 Message push method and message push device
US8601550B2 (en) * 2004-06-24 2013-12-03 Aventail Llc Remote access to resources over a network
US20160251816A1 (en) * 2015-02-26 2016-09-01 Zhen Li Subsea System for the Installation, Suspension and Removal of Production and Processing Equipment
US20170237501A1 (en) * 2015-11-02 2017-08-17 Zte Usa (Tx) System and methods for high symbol-rate optical nyquist signal generation with roll-off factor approaching zero

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2403108A (en) * 2003-06-20 2004-12-22 Sharp Kk Remote access via a holding area
GB0520836D0 (en) * 2005-10-13 2005-11-23 Scansafe Ltd Remote access to resources
WO2009050583A2 (en) * 2007-08-29 2009-04-23 Youtility Software, Inc. Secure network interactions using desktop agent
WO2013089771A1 (en) * 2011-12-16 2013-06-20 Intel Corporation Secure user attestation and authentication to a remote server
US9887983B2 (en) * 2013-10-29 2018-02-06 Nok Nok Labs, Inc. Apparatus and method for implementing composite authenticators
WO2014196966A1 (en) * 2013-06-04 2014-12-11 Intel Corporation Technologies for hardening the security of digital information on client platforms
US9276750B2 (en) * 2013-07-23 2016-03-01 Intel Corporation Secure processing environment measurement and attestation
US9698989B2 (en) * 2013-07-23 2017-07-04 Intel Corporation Feature licensing in a secure processing environment
US9860187B2 (en) * 2014-02-28 2018-01-02 Mobile Iron, Inc. Enrolling a mobile device with an enterprise mobile device management environment
US9621547B2 (en) * 2014-12-22 2017-04-11 Mcafee, Inc. Trust establishment between a trusted execution environment and peripheral devices
US9749323B2 (en) * 2015-03-27 2017-08-29 Intel Corporation Technologies for secure server access using a trusted license agent

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8601550B2 (en) * 2004-06-24 2013-12-03 Aventail Llc Remote access to resources over a network
US20080086777A1 (en) * 2006-10-06 2008-04-10 Macrovision Corporation Computer-implemented method and system for binding digital rights management information to a software application
CN101183417A (en) * 2006-11-16 2008-05-21 达诺媒体有限公司 Systems and methods for collaborative content distribution and generation
US20110142510A1 (en) * 2008-08-06 2011-06-16 Kabushiki Kaisha Toshiba Fixing device
US20120166795A1 (en) * 2010-12-24 2012-06-28 Wood Matthew D Secure application attestation using dynamic measurement kernels
CN103270519A (en) * 2010-12-24 2013-08-28 英特尔公司 Secure application attestation using dynamic measurement kernels
CN103037312A (en) * 2011-10-08 2013-04-10 阿里巴巴集团控股有限公司 Message push method and message push device
US20160251816A1 (en) * 2015-02-26 2016-09-01 Zhen Li Subsea System for the Installation, Suspension and Removal of Production and Processing Equipment
US20170237501A1 (en) * 2015-11-02 2017-08-17 Zte Usa (Tx) System and methods for high symbol-rate optical nyquist signal generation with roll-off factor approaching zero

Also Published As

Publication number Publication date
WO2016160209A1 (en) 2016-10-06
US20160285875A1 (en) 2016-09-29
CN107409128B (en) 2020-12-04
US20180041513A1 (en) 2018-02-08
US10135828B2 (en) 2018-11-20
EP3275159B1 (en) 2020-07-29
EP3275159A4 (en) 2018-10-31
EP3275159A1 (en) 2018-01-31
US9749323B2 (en) 2017-08-29

Similar Documents

Publication Publication Date Title
CN107409128B (en) Techniques for secure server access using a trusted license proxy
US11258605B2 (en) Out-of-band remote authentication
US10437985B2 (en) Using a second device to enroll a secure application enclave
US10885197B2 (en) Merging multiple compute nodes with trusted platform modules utilizing authentication protocol with active trusted platform module provisioning
US9055052B2 (en) Method and system for improving storage security in a cloud computing environment
US9081989B2 (en) System and method for secure cloud computing
TW201732669A (en) Controlled secure code authentication
CN104969201A (en) Secure interface for invoking privileged operations
KR101729960B1 (en) Method and Apparatus for authenticating and managing an application using trusted platform module
US10936722B2 (en) Binding of TPM and root device
EP2798772A1 (en) Web authentication using client platform root of trust
CN113906424B (en) Apparatus and method for disk authentication
US20100250949A1 (en) Generation, requesting, and/or reception, at least in part, of token
US20230229752A1 (en) Attestation of application identity for inter-app communications
US9195838B2 (en) Method and apparatus for providing provably secure user input/output
Cheng et al. Per-user network access control kernel module with secure multifactor authentication: S.–T. Cheng et al.
CN118312946A (en) Host authentication method, host authentication device and related equipment
Huang et al. Research on Linux trusted boot method based on reverse integrity verification
Nosouhi et al. Towards Availability of Strong Authentication in Remote and Disruption-Prone Operational Technology Environments

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant